On Tue, Jan 10, 2017 at 12:40:23PM +0800, Eryu Guan wrote:
> On Mon, Jan 09, 2017 at 12:55:18PM -0800, Darrick J. Wong wrote:
> > Craft a malicious filesystem image with a negative inode size,
> > then try to trigger a kernel DoS by appending data to the file.
> > Ideally this should trigger verifier errors instead of hanging.
> >
> > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> > ---
> > v2: use $DEBUGFS_PROG instead of debugfs; improve documentation
>
> Thanks for all the updated patches! I fixed a minor typo locally and
> committed.
>
> > diff --git a/tests/shared/401 b/tests/shared/401
> > new file mode 100755
> > index 0000000..7b61cbb
> > --- /dev/null
> > +++ b/tests/shared/401
> > @@ -0,0 +1,77 @@
> > +#! /bin/bash
> > +# FSQA Test No. 401
> > +#
> > +# Since loff_t is a signed type, it is invalid for a filesystem to load
> > +# an inode with i_size = -1ULL. Unfortunately, nobody checks this,
> > +# which means that we can trivially DoS the VFS by creating such a file
> > +# and appending to it. This causes an integer overflow in the routines
> > +# underlying writeback, which results in the kernel locking up.
> > +#
> > +# So, create this malformed inode and try a buffered dio append to make
>                                                 ^^^^^^^^
> I removed the "buffered" here and from xfs/401.

D'oh!!! Thanks for fixing that.

--D

>
> Thanks,
> Eryu
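Review bot: The header comment of tests/shared/401 describes the write as a "buffered dio append", which names two different write paths at once (buffered I/O and direct I/O), so the comment should name only the one the test actually issues. In the same comment, "i_size = -1ULL" mixes an unsigned literal with the signed loff_t it is explaining; stating it as an on-disk size of all ones that reads back as -1 in loff_t would tie it to the "negative inode size" wording in the commit message and make the invalid condition unambiguous to someone triaging a failure.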