On 2019/8/20 16:46, Qu Wenruo wrote:
> [...]
>>
>> Yeah, it looks like we need searching more levels mapping to find the final
>> physical block address of inode/node/data in btrfs.
>>
>> IMO, in a little lazy way, we can reform and reuse existed function in
>> btrfs-progs which can find the mapping info of inode/node/data according to
>> specified ino or ino+pg_no.
>
> Maybe no need to go as deep as ino.
>
> What about just go physical bytenr? E.g. for XFS/EXT* choose a random
> bytenr. Then verify if that block is used, if not, try again.
>
> If used, check if it's metadata. If not, try again.
> (feel free to corrupt data, in fact btrfs uses some data as space cache,
> so it should make some sense)
>
> If metadata, corrupt that bytenr/bytenr range in the metadata block,
> regenerate checksum, call it a day and let kernel suffer.
>
> For btrfs, just do extra physical -> logical convert in the first place,
> then follow the same workflow.
> It should work for any fs as long as it's on single device.

Agree, it will be easier to trigger random injection in specific area, and also
I agreed with Ted, some of the time we prefer to do injection in specified field
of meta, it looks developer needs to do more work for that.

>
>>
>>>
>>> It may depend on the granularity. But definitely a good idea to do so
>>> in a generic way.
>>> Currently we depend on super kind student developers/reporters on such
>>
>> Yup, I just guess Wen Xu may be interested in working on a generic way to fuzz
>> filesystem, as I know they dig deep in filesystem code when doing fuzz.
>
> Don't forget Yoon Jungyeon, I see more than one time he reported fuzzed
> images with proper reproducer and bugzilla links.

Of course I remember him. :)

I guess btrfs/f2fs should have improved their stability/robustness a lot due to
Jungyeon and Wen Xu's great fuzz bug report.

> Even using his personal mail address, not school mail address.
>
> Those guys are really awesome!
>
>> BTW,
>> which impresses me is, constructing checkpoint by injecting one byte, and then
>> write a correct recalculated checksum value on that checkpoint, making that
>> checkpoint looks valid...
>
> IIRC F2FS guys may be also investigating a similar mechanism, as they
> also got a hard fight against reports from those awesome reporters.

Actually, f2fs only supports realtime fault injection framework, which allows us
to inject memory exhausting, IO error, lack of free blocks, shutdown... error
during fsstress test.

I do think f2fs needs that kind of tool later.

Thanks,

>
> So such fuzzed image is a new trend for fs development.
>
> Thanks,
> Qu
>
>>
>> Thanks,
>>
>
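
The random-injection workflow from the quoted text (pick a random bytenr, retry unless it lands in a used metadata block, corrupt it, regenerate the checksum), as an added example that is not part of the original thread or of any btrfs/f2fs tool. The 4 KiB block layout, the `META` magic, the allocation list and all function names are constructed for illustration, and zlib CRC32 stands in for the filesystem's real checksum.

```python
import random, struct, zlib

# Constructed toy layout (not a real on-disk format): 4 KiB blocks; a metadata
# block holds a 4-byte checksum at offset 0 and the magic "META" at offset 4.
BLOCK, CSUM_LEN, MAGIC = 4096, 4, b"META"

def csum(block):
    # zlib CRC32 is a stand-in for the filesystem's own checksum algorithm
    return struct.pack("<I", zlib.crc32(bytes(block[CSUM_LEN:])))

def csum_ok(block):
    return bytes(block[:CSUM_LEN]) == csum(block)

def is_metadata(block):
    return bytes(block[4:8]) == MAGIC

def make_image(nblocks=16):
    """Constructed sample image plus allocation map (True = block in use)."""
    img, used = bytearray(nblocks * BLOCK), [False] * nblocks
    for i in range(nblocks):
        off = i * BLOCK
        if i % 4 == 0:                      # used metadata block
            used[i] = True
            img[off + 4:off + 16] = MAGIC + struct.pack("<Q", i)
            img[off:off + CSUM_LEN] = csum(img[off:off + BLOCK])
        elif i % 4 == 1:                    # used data block
            used[i] = True
            img[off:off + BLOCK] = bytes([i + 1]) * BLOCK
    return img, used

def inject(img, used, seed=None, max_tries=10000):
    """Flip one bit in a random used metadata block and fix up its checksum.
    Returns (bytenr, old_byte, new_byte)."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        bytenr = rng.randrange(len(img))    # choose a random physical bytenr
        off = bytenr // BLOCK * BLOCK
        if not used[bytenr // BLOCK]:       # block not in use: try again
            continue
        if not is_metadata(img[off:off + BLOCK]):   # data block: try again
            continue
        if bytenr - off < CSUM_LEN:         # checksum field is rewritten below
            continue
        old = img[bytenr]
        img[bytenr] = old ^ (1 << rng.randrange(8))
        img[off:off + CSUM_LEN] = csum(img[off:off + BLOCK])  # regenerate checksum
        return bytenr, old, img[bytenr]
    raise RuntimeError("no used metadata block found")
```

After `inject()` the damaged block still passes `csum_ok()`, so a checksum check alone no longer rejects it and the field-level validation in the reader is what gets exercised.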