On Thu, 1 May 2025 19:24:33 -0500 Andrew Hamilton <adham...@gmail.com> wrote:
> Hi Glenn,
>
> This patch was focused on the most serious issue being seen by people where
> GRUB might hang during startup and grub-mount may crash.
>
> There are remaining issues in NTFS, I saw the same failures you are seeing
> from the filesystem tests.
>
> I have been working on fixing the rest of the grub-fstest failures, but it
> has turned out to be quite involved so it's taking some time. There are
> some issues in the validate_attribute function (like the run size
> calculation seems wrong) and also how validate_attribute is used in some
> places (I think it's being mixed between attributes and attribute-lists).
> It is complicated by trying to fix the regression while also trying to
> avoid reintroducing the fuzzing identified issues that were being fixed
> originally.
>
> I'm still working at it, and intend to submit a new patch when I have it.
> Sorry for the slowness, it's something I try to do whenever I have some
> free time. If anyone is an NTFS expert I'd be more than happy to hand it
> off ;)

Thanks for the clarification. My email was sent to raise awareness, as I
hadn't seen this issue being discussed on the list. Glad to know that
this issue is known and being worked on. Much appreciated, carry on.

Glenn

>
>
> Thanks,
> Andrew
>
> On Thu, May 1, 2025 at 5:50 PM Glenn Washburn <developm...@efficientek.com>
> wrote:
>
> > On Thu, 20 Mar 2025 18:28:00 -0500
> > Andrew Hamilton <adham...@gmail.com> wrote:
> >
> > > A regression was introduced recently as a part of the series of
> > > filesystem related patches to address some CVEs found in GRUB.
> > >
> > > This issue may cause either an infinite loop at startup when
> > > accessing certain valid NTFS file systems, or may cause a crash
> > > due to a NULL pointer dereference on systems where "NULL" address
> > > is invalid (such as may happen when calling grub-mount from
> > > the operating system level).
> > > > > > Correct this issue by checking that at->attr_cur is within bounds > > > inside find_attr. > > > > > > Fixes: https://savannah.gnu.org/bugs/?66855 > > > > The NTFS filesystem test is failing even though this change is > > included. grub-fstest is failing to detect the generated NTFS > > filesystem as NTFS. The debug log shows these lines: > > > > grub-core/kern/fs.c:56:fs: Detecting ntfs... > > grub-core/fs/ntfs.c:212:ntfs: spare=800 min_size=73 attr_size=72 > > grub-core/kern/fs.c:79:fs: error: no $INDEX_ROOT. > > grub-core/kern/fs.c:80:fs: ntfs detection failed. > > > > Based on where this error message is generated, it looks like the issue > > is in find_attr(). So this change looks like a partial fix. > > > > Glenn > > > > > Co-authored-by: B Horn <b...@horn.uk> > > > Co-authored-by: Andrew Hamilton <adham...@gmail.com> > > > Signed-off-by: Andrew Hamilton <adham...@gmail.com> > > > --- > > > V2 -> V3: Changed NULL check to >= at->mft->buf > > > > > > grub-core/fs/ntfs.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c > > > index 960833a34..767b93c21 100644 > > > --- a/grub-core/fs/ntfs.c > > > +++ b/grub-core/fs/ntfs.c > > > @@ -387,7 +387,8 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t > > attr) > > > } > > > at->attr_cur = at->attr_nxt; > > > mft_end = at->mft->buf + (at->mft->data->mft_size << > > GRUB_NTFS_BLK_SHR); > > > - while (at->attr_cur < mft_end && *at->attr_cur != 0xFF) > > > + while (at->attr_cur >= at->mft->buf && at->attr_cur < mft_end > > > + && *at->attr_cur != 0xFF) > > > { > > > at->attr_nxt = next_attribute (at->attr_cur, at->end); > > > if (*at->attr_cur == GRUB_NTFS_AT_ATTRIBUTE_LIST) > > _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
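Review bot: the new lower bound in the while condition of find_attr, `at->attr_cur >= at->mft->buf`, has no comment saying which case it guards. The V2 -> V3 note says it replaced a NULL check, so a one-line comment stating that at->attr_cur (taken from at->attr_nxt on the line above) can be NULL or fall outside the MFT buffer here would keep a later cleanup from dropping the test. If NULL is the case being caught, an explicit `at->attr_cur != NULL` term would also avoid relying on a relational comparison between NULL and at->mft->buf, which C leaves undefined for pointers that do not point into the same object. The loop is bounded by mft_end while next_attribute is passed at->end as its limit; if those two can differ, a comment should say which one is authoritative. The condition also only establishes that one byte at at->attr_cur is inside the buffer before the body treats it as an attribute. Since the loop now exits quietly on an out-of-range cursor, a grub_dprintf on that exit path would make the case visible in the debug log, which would help with the remaining "no $INDEX_ROOT" detection failure reported in this thread.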