Re: [PATCH v2 7/7] xfs/ext4: check negative inode size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 10, 2017 at 12:40:23PM +0800, Eryu Guan wrote:
> On Mon, Jan 09, 2017 at 12:55:18PM -0800, Darrick J. Wong wrote:
> > Craft a malicious filesystem image with a negative inode size,
> > then try to trigger a kernel DoS by appending data to the file.
> > Ideally this should trigger verifier errors instead of hanging.
> > 
> > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> > ---
> > v2: use $DEBUGFS_PROG instead of debugfs; improve documentation
> 
> Thanks for all the updated patches! I fixed a minor typo locally and
> committed.
> 
> > diff --git a/tests/shared/401 b/tests/shared/401
> > new file mode 100755
> > index 0000000..7b61cbb
> > --- /dev/null
> > +++ b/tests/shared/401
> > @@ -0,0 +1,77 @@
> > +#! /bin/bash
> > +# FSQA Test No. 401
> > +#
> > +# Since loff_t is a signed type, it is invalid for a filesystem to load
> > +# an inode with i_size = -1ULL.  Unfortunately, nobody checks this,
> > +# which means that we can trivially DoS the VFS by creating such a file
> > +# and appending to it.  This causes an integer overflow in the routines
> > +# underlying writeback, which results in the kernel locking up.
> > +#
> > +# So, create this malformed inode and try a buffered dio append to make
>                                                ^^^^^^^^
> I removed the "buffered" here and from xfs/401.

D'oh!!!  Thanks for fixing that.

--D

> 
> Thanks,
> Eryu
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [XFS Filesystem Development (older mail)]     [Linux Filesystem Development]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux RAID]     [Linux SCSI]


  Powered by Linux