On Wed, Jun 18, 2025 at 06:02:00AM +0100, Al Viro wrote:
> On Wed, Jun 18, 2025 at 05:50:16AM +0100, Al Viro wrote:
>
> > NAK. This is not the first time that garbage is suggested and no,
> > we are not going to paper over that shite in fs/namei.c.
> >
> > Not going to happen.
> >
> > You ARE NOT ALLOWED to call make_bad_inode() on a live inode, period.
> > Never, ever to be done.
> >
> > There's a lot of assertions it violates and there's no chance in
> > hell to plaster each with that kind of checks.
> >
> > Fix NTFS. End of story.
>
> To elaborate a bit: if you look at the end of e.g. their attr_set_size(),
> you'll see
> out:
> if (is_bad) {
> bad_inode:
> _ntfs_bad_inode(&ni->vfs_inode);
> }
> return err;
> }
>
> This is a bug. So are similar places all over the place there.
> You are not supposed to use make_bad_inode() as a general-purpose
> "something went wrong, don't wanna see it anymore" tool.
>
> And as long as it stays there, any fuzzing reports of ntfs are pretty
> much worthless - any of those places (easily located by grepping for
> _ntfs_bad_inode) can fuck the kernel up. Once ntfs folks get around
> to saner error recovery, it would make sense to start looking into
> fuzzing that thing again. Until then - nope. Again, this is *NOT*
> going to be papered over in a random set of places (pretty certain
> to remain incomplete) in VFS.
Note that anything that calls __d_add(dentry, inode) with is_bad_inode(inode)
(or d_add(), or d_instantiate(), or d_splice_alias() under the same conditions)
is also FUBAR.
So's anything that calls make_bad_inode() on a struct inode that might be
in process of being passed to one of those functions by another thread.
This is fundamentally wrong; bad inodes are not supposed to end up attached
to dentries.
