Em 15/10/2024 12:59, Gabriel Krisman Bertazi escreveu:
> André Almeida <andrealmeid@igalia.com> writes:
>
>> +static inline bool generic_ci_validate_strict_name(struct inode *dir, struct qstr *name)
>> +{
>> + if (!IS_CASEFOLDED(dir) || !sb_has_strict_encoding(dir->i_sb))
>> + return true;
>> +
>> + /*
>> + * A casefold dir must have a encoding set, unless the filesystem
>> + * is corrupted
>> + */
>> + if (WARN_ON_ONCE(!dir->i_sb->s_encoding))
>> + return true;
>> +
>> + return utf8_validate(dir->i_sb->s_encoding, name);
>
> There is something fishy here. Concerningly, the fstests test doesn't
> catch it.
>
> utf8_validate is defined as:
>
> int utf8_validate(const struct unicode_map *um, const struct qstr *str)
>
> Which returns 0 on success and !0 on error. Thus, when casting to bool,
> the return code should be negated.
>
> But generic/556 doesn't fail. That's because we are over cautious, and
> also check the string at the end of generic_ci_d_hash. So we never
> really reach utf8_validate in the tested case.
>
> But if you comment the final if in generic_ci_d_hash, you'll see this
> patchset regresses the fstests case generic/556 over ext4.
>
> We really need the check in both places, though. We don't want to rely
> on the behavior of generic_ci_d_hash to block invalid filenames, as that
> might change.
>
Thanks Krisman! Nice catch. I fixed this for the next version. Testing
with the modified generic_ci_d_hash(), I also realized that the
validation was in the wrong place and leaving an inode behind, this fixed:
diff --git a/mm/shmem.c b/mm/shmem.c
index eb1ea1f3b37c..7bd7ca5777af 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -3624,13 +3624,13 @@ shmem_mknod(struct mnt_idmap *idmap, struct
inode *dir,
struct inode *inode;
int error;
+ if (!generic_ci_validate_strict_name(dir, &dentry->d_name))
+ return -EINVAL;
+
inode = shmem_get_inode(idmap, dir->i_sb, dir, mode, dev,
VM_NORESERVE);
if (IS_ERR(inode))
return PTR_ERR(inode);
- if (!generic_ci_validate_strict_name(dir, &dentry->d_name))
- return -EINVAL;
-