Re: [PATCH v5 4/4] ntfs: validate index root allocated_size on lookup
From: Hyunchul Lee
Date: Mon Jun 08 2026 - 01:09:27 EST
Hi Daemyung,
On Sun, Jun 7, 2026 at 2:17 PM, DaeMyung Kang <charsyam@xxxxxxxxx> wrote:
>
> The resident $INDEX_ROOT validator already checks the index root header
> fields, but it still does not bound index_length through allocated_size or
> ensure allocated_size stays within the resident index area.
>
> Callers consume index.allocated_size as the resident root capacity.
> ntfs_ie_add() uses it to decide whether an insertion can be done in place,
> and ntfs_ie_insert() then updates the root without re-checking the resident
> value boundary.
>
> Read allocated_size in the resident $INDEX_ROOT validator, require it to be
> 8-byte aligned, require index_length <= allocated_size, and require
> allocated_size <= the resident index area. Valid slack remains allowed.
>
> Signed-off-by: DaeMyung Kang <charsyam@xxxxxxxxx>
> ---
> fs/ntfs/attrib.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
> index cf49eade6b22..49c8f1f3b9dd 100644
> --- a/fs/ntfs/attrib.c
> +++ b/fs/ntfs/attrib.c
> @@ -657,15 +657,19 @@ static bool ntfs_index_root_attr_value_is_valid(const u8 *value, const u32 value
Applying this patch failed.
It seems that the patch below has not been merged yet.
https://lore.kernel.org/all/20260530143514.3083601-7-charsyam@xxxxxxxxx/
> u32 index_size;
> u32 entries_offset;
> u32 index_length;
> + u32 allocated_size;
>
> ir = (const struct index_root *)value;
> index_size = value_length - offsetof(struct index_root, index);
> entries_offset = le32_to_cpu(ir->index.entries_offset);
> index_length = le32_to_cpu(ir->index.index_length);
> + allocated_size = le32_to_cpu(ir->index.allocated_size);
>
> - if ((entries_offset | index_length) & 7 ||
> + if ((entries_offset | index_length | allocated_size) & 7 ||
> entries_offset < sizeof(struct index_header) ||
> entries_offset > index_length ||
> + index_length > allocated_size ||
> + allocated_size > index_size ||
> index_length - entries_offset < sizeof(struct index_entry_header))
> return false;
>
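Review bot: the new `allocated_size > index_size` bound is only meaningful if `value_length` has already been checked to be at least `offsetof(struct index_root, index)` before `index_size` is computed; otherwise `index_size` wraps to a huge `u32` and the bound accepts any `allocated_size`. That earlier check is not visible in this hunk, so please confirm it exists in the unchanged part of `ntfs_index_root_attr_value_is_valid()` (a short comment above `index_size = value_length - offsetof(struct index_root, index);` would make the dependency explicit). The ordering otherwise looks right: `entries_offset > index_length` is tested before `index_length - entries_offset`, so that subtraction cannot underflow, and `index_length <= allocated_size <= index_size` leaves resident slack allowed as the commit message states. Since this series depends on the not-yet-merged patch noted above, stating that dependency in the cover letter would save reviewers an apply failure.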
> --
> 2.43.0
--
Thanks,
Hyunchul