Hi, On 2020/8/31 0:23, Eryu Guan wrote: > On Sat, Aug 22, 2020 at 07:41:32PM +0800, Hou Tao wrote: >> Add reproducer for a bug on ubifs where listxattr() copies >> the newly created xattr names regardless of the remaining >> buffer size, fails the assertion of used buffer size, >> and may corrupt buffer memory. >> >> Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx> >> --- >> v2: accommodate f2fs by reducing the number of created xattrs for f2fs > > Thanks for the test and revision! Is there a fix available for the ubifs > bug? If so would you please mention the kernel commit ID in commit log > as well? > The fixes [1] have not been reviewed yet, so we may need to hold on until the fixes get merged ? [1]: https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@xxxxxxxxxx/ Regards, Tao > Chao, would you please help check the update regarding to f2fs? Thanks! > > Eryu > >> >> tests/generic/998 | 67 +++++++++++++++++++++++++++++++++++++++++++ >> tests/generic/998.out | 2 ++ >> tests/generic/group | 1 + >> 3 files changed, 70 insertions(+) >> create mode 100644 tests/generic/998 >> create mode 100644 tests/generic/998.out >> >> diff --git a/tests/generic/998 b/tests/generic/998 >> new file mode 100644 >> index 00000000..26a5b620 >> --- /dev/null >> +++ b/tests/generic/998 >> @@ -0,0 +1,67 @@ >> +#! /bin/bash >> +# SPDX-License-Identifier: GPL-2.0 >> +# Copyright (c) 2020 Huawei. All Rights Reserved. >> +# >> +# FS QA Test 998 >> +# >> +# Test race between listxattr() and setxattr(). It reproduces a bug >> +# on UBIFS where listxattr() copies the newly created xattr names >> +# regardless of the remaining buffer size, fails the assertion of >> +# used buffer size, and may corrupt buffer memory. >> +# >> +seq=`basename $0` >> +seqres=$RESULT_DIR/$seq >> +echo "QA output created by $seq" >> + >> +here=`pwd` >> +tmp=/tmp/$$ >> +status=1 # failure is the default! >> +trap "_cleanup; exit \$status" 0 1 2 3 15 >> + >> +_cleanup() >> +{ >> + cd / >> + rm -f $tmp.* >> + rm -f $TEST_DIR/$seq >> +} >> + >> +# get standard environment, filters and checks >> +. ./common/rc >> +. ./common/attr >> + >> +# remove previous $seqres.full before test >> +rm -f $seqres.full >> + >> +# real QA test starts here >> +_supported_fs generic >> +_supported_os Linux >> +_require_attrs >> + >> +target=$TEST_DIR/$seq >> +touch $target >> + >> +# start a background listxattr >> +runfile="$tmp.listxattr" >> +touch $runfile >> +while [ -e $runfile ]; do >> + ${GETFATTR_PROG} $target >/dev/null 2>&1 >> +done & >> + >> +# add new xattr continuously >> +largename=`for i in $(seq 0 128); do echo -n a; done` >> +cnt=100 >> +# f2fs has limited spaces for xattr >> +[ $FSTYP == "f2fs" ] && cnt=30 >> +for i in $(seq 1 $cnt); do >> + ${SETFATTR_PROG} -n user.${largename}.$i -v $i $target >> +done >> + >> +rm -f $runfile >> +wait > /dev/null 2>&1 >> +rm -f $target >> + >> +echo Silence is golden >> + >> +# success, all done >> +status=0 >> +exit >> diff --git a/tests/generic/998.out b/tests/generic/998.out >> new file mode 100644 >> index 00000000..d2679ae0 >> --- /dev/null >> +++ b/tests/generic/998.out >> @@ -0,0 +1,2 @@ >> +QA output created by 998 >> +Silence is golden >> diff --git a/tests/generic/group b/tests/generic/group >> index d9ab9a31..62697ac5 100644 >> --- a/tests/generic/group >> +++ b/tests/generic/group >> @@ -605,3 +605,4 @@ >> 600 auto quick quota >> 601 auto quick quota >> 602 auto quick encrypt >> +998 auto quick attr >> -- >> 2.25.0.4.g0ad7144999 > . >
