Add a regression test to see if kernel hangs in order to
look after CVE-2020-12655 and check if the corresponding
fix is applied as well.
Signed-off-by: Gao Xiang <hsiangkao@xxxxxxxxxx>
---
tests/xfs/520 | 98 +++++++++++++++++++++++++++++++++++++++++++++++
tests/xfs/520.out | 2 +
tests/xfs/group | 1 +
3 files changed, 101 insertions(+)
create mode 100755 tests/xfs/520
create mode 100644 tests/xfs/520.out
diff --git a/tests/xfs/520 b/tests/xfs/520
new file mode 100755
index 00000000..28354f8d
--- /dev/null
+++ b/tests/xfs/520
@@ -0,0 +1,98 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2020 Red Hat, Inc. All Rights Reserved.
+#
+# FS QA Test 520
+#
+# Verify kernel doesn't hang when mounting a crafted image
+# with bad agf.freeblks metadata due to CVE-2020-12655.
+#
+# Also, check if
+# commit d0c7feaf8767 ("xfs: add agf freeblocks verify in xfs_agf_verify")
+# is included in the current kernel.
+#
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+ _scratch_unmount
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+# Modify as appropriate.
+_supported_fs xfs
+_supported_os Linux
+_disable_dmesg_check
+
+bigval=100000000
+fsdsopt="-d agcount=1,size=64m"
+
+_require_scratch
+_scratch_mkfs_xfs $fsdsopt >> $seqres.full 2>&1 || _fail "mkfs failed"
+
+# test if forcing agf.freeblks = 0 could cause the kernel livelock.
+_scratch_xfs_set_metadata_field freeblks 0 "agf 0" >> $seqres.full 2>&1
+if _try_scratch_mount >> $seqres.full 2>&1; then
+ echo potential broken kernel, try to reproduce the bug anyway
+ dd if=/dev/zero of=$SCRATCH_MNT/test bs=65536 count=1 >> $seqres.full 2>&1
+ sync
+ _scratch_unmount
+fi
+
+_scratch_mkfs_xfs -f $fsdsopt >> $seqres.full 2>&1 || _fail "mkfs failed"
+
+# test if forcing agf.longest = $bigval shouldn't be mounted.
+_scratch_xfs_set_metadata_field longest $bigval "agf 0" >> $seqres.full 2>&1
+_try_scratch_mount >> $seqres.full 2>&1 && \
+ _fail "potential broken kernel, mount should have failed"
+
+_scratch_mkfs_xfs -f $fsdsopt >> $seqres.full 2>&1 || _fail "mkfs failed"
+
+# test if forcing agf.length = $bigval shouldn't be mounted.
+_scratch_xfs_set_metadata_field length $bigval "agf 0" >> $seqres.full 2>&1
+_try_scratch_mount >> $seqres.full 2>&1 && \
+ _fail "potential broken kernel, mount should have failed"
+
+
+if _scratch_mkfs_xfs_supported -m reflink=1 >> $seqres.full 2>&1; then
+ _scratch_mkfs_xfs -f -m reflink=1 $fsdsopt >> $seqres.full 2>&1 || \
+ _fail "mkfs failed"
+
+ # test if forcing agf.refcntblocks = $bigval shouldn't be mounted.
+ _scratch_xfs_set_metadata_field refcntblocks $bigval "agf 0" >> $seqres.full 2>&1
+ _try_scratch_mount >> $seqres.full 2>&1 && \
+ _fail "potential broken kernel, mount should have failed"
+fi
+
+if _scratch_mkfs_xfs_supported -m rmapbt=1 >> $seqres.full 2>&1; then
+ _scratch_mkfs_xfs -f -m rmapbt=1 $fsdsopt >> $seqres.full 2>&1 || \
+ _fail "mkfs failed"
+
+ # test if forcing agf.rmapblocks = $bigval shouldn't be mounted.
+ _scratch_xfs_set_metadata_field rmapblocks $bigval "agf 0" >> $seqres.full 2>&1
+ _try_scratch_mount >> $seqres.full 2>&1 && \
+ _fail "potential broken kernel, mount should have failed"
+fi
+
+echo "Silence is golden"
+
+# success, all done
+status=0
+exit
diff --git a/tests/xfs/520.out b/tests/xfs/520.out
new file mode 100644
index 00000000..2a59b872
--- /dev/null
+++ b/tests/xfs/520.out
@@ -0,0 +1,2 @@
+QA output created by 520
+Silence is golden
diff --git a/tests/xfs/group b/tests/xfs/group
index daf54add..433f04d0 100644
--- a/tests/xfs/group
+++ b/tests/xfs/group
@@ -517,3 +517,4 @@
517 auto quick fsmap freeze
518 auto quick quota
519 auto quick reflink
+520 auto quick reflink dangerous
--
2.18.1
