From: Pedro Falcato
Date: Fri, 9 Dec 2022 22:28:44 +0000
Subject: Re: [edk2-platforms][PATCH v1 00/12] Ext4Pkg: Code correctness and security improvements
To: Savva Mitrofanov
Cc: devel@edk2.groups.io, Marvin Häuser, Vitaly Cheptsov
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>

On Fri, Dec 9, 2022 at 4:11 PM Savva Mitrofanov <savvamtr@gmail.com> wrote:

> Hi all,
>
> This patchset fixes several code problems found by fuzzing Ext4Dxe like
> buffer and integer overflows, memory leaks, logic bugs and so on.
>
> REF: https://github.com/savvamitrofanov/edk2-platforms/tree/master
>
> Cc: Marvin Häuser <mhaeuser@posteo.de>
> Cc: Pedro Falcato <pedro.falcato@gmail.com>
> Cc: Vitaly Cheptsov <vit9696@protonmail.com>
>
> Savva Mitrofanov (12):
>   Ext4Pkg: Fix memory leak in Ext4RetrieveDirent
>   Ext4Pkg: Move EXT4_NAME_MAX definition to Ext4Disk.h
>   Ext4Pkg: Fix global buffer overflow in Ext4ReadDir
>   Ext4Pkg: Fix incorrect checksum metadata feature check
>   Ext4Pkg: Fix division by zero by adding check for s_inodes_per_group
>   Ext4Pkg: Add comparison between Position and FileSize in
>     Ext4SetPosition
>   Ext4Pkg: Add inode number validity check
>   Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
>   Ext4Pkg: Correct integer overflow check on multiplication in DiskUtil
>   Ext4Pkg: Check that source file is directory in Ext4OpenInternal
>   Ext4Pkg: Check VolumeName allocation correctness in Ext4GetVolumeName
>   Ext4Pkg: Add missing exit Status in Ext4OpenDirent
>

Hi!

Thanks for the patches (and the fuzzing!). They all mostly lgtm, just
some small nits. Please fix them so I can test and merge.

Also, could you add a Fixes tag to each patch (like in the LKML and
elsewhere in OVMF) so we can more easily track what each patch fixes?
Using something simple like the oldest git blame of what you're fixing
should be enough in this case, no need for git bisect. I just want to
establish a good, clean track record here for me and for downstream
users to better know what they need to pick up!

Thanks,
Pedro