Re: [PATCH v2 7/7] xfs/ext4: check negative inode size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 09, 2017 at 12:55:18PM -0800, Darrick J. Wong wrote:
> Craft a malicious filesystem image with a negative inode size,
> then try to trigger a kernel DoS by appending data to the file.
> Ideally this should trigger verifier errors instead of hanging.
> 
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> ---
> v2: use $DEBUGFS_PROG instead of debugfs; improve documentation

Thanks for all the updated patches! I fixed a minor typo locally and
committed.

> diff --git a/tests/shared/401 b/tests/shared/401
> new file mode 100755
> index 0000000..7b61cbb
> --- /dev/null
> +++ b/tests/shared/401
> @@ -0,0 +1,77 @@
> +#! /bin/bash
> +# FSQA Test No. 401
> +#
> +# Since loff_t is a signed type, it is invalid for a filesystem to load
> +# an inode with i_size = -1ULL.  Unfortunately, nobody checks this,
> +# which means that we can trivially DoS the VFS by creating such a file
> +# and appending to it.  This causes an integer overflow in the routines
> +# underlying writeback, which results in the kernel locking up.
> +#
> +# So, create this malformed inode and try a buffered dio append to make
                                               ^^^^^^^^
I removed the "buffered" here and from xfs/401.

Thanks,
Eryu
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [XFS Filesystem Development (older mail)]     [Linux Filesystem Development]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux RAID]     [Linux SCSI]


  Powered by Linux