On Wed, Oct 16, 2019 at 09:08:51PM +0200, "Marc Schönefeld" wrote:
> Hi all,
>
> it looks like there is a sanity check missing for the divisor
> (m_ialloc_blks) in line 664 of xfsprogs-5.2.1/libxfs/init.c:
>
> Program received signal SIGFPE, Arithmetic exception.
>
> 0x0000000000427ddf in libxfs_mount (mp=mp@entry=0x6a2de0 <xmount>, sb=sb@entry=0x6a2de0 <xmount>, dev=18446744073709551615,
> logdev=<optimized out>, rtdev=<optimized out>, flags=flags@entry=1) at init.c:663
>
> which is
>
> 663 mp->m_maxicount = XFS_FSB_TO_INO(mp,
> 664 (mp->m_maxicount / mp->m_ialloc_blks) *
> 665 mp->m_ialloc_blks);

That code is gone now. The current calculation in the dev tree is quite
different thanks to:

commit 3a05ab227ebd5982f910f752692c87005c7b3ad3
Author: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Date:   Wed Aug 28 12:08:08 2019 -0400

    xfs: refactor inode geometry setup routines

    Source kernel commit: 494dba7b276e12bc3f6ff2b9b584b6e9f693af45

    Migrate all of the inode geometry setup code from xfs_mount.c into
    a single libxfs function that we can share with xfsprogs.

    Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
    Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
    Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxxx>

And so it doesn't have a divide-by-zero vector in it anymore. So it's
probably best that you update your source tree to the latest for-next
and retest. It's almost always a good idea to test against the latest
dev tree, that way you aren't finding bugs we've already found and
fixed...

> In case it would be required I have a reproducer file for this,
> which I can share via pm. The bug is reachable from user input via
> the "xfs_db -c _cmd_ _xfsfile_" command.

I'm guessing that you are fuzzing filesystem images and the issue is
that the inode geometry values in the superblock have been fuzzed to
be incorrect? What fuzzer are you using to generate the image, and
what's the mkfs.xfs output that was used to create the base image that
was then fuzzed?

Cheers,

Dave.
-- Dave Chinner david@xxxxxxxxxxxxx
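The divisor check the report above asks for, as an added illustration that is neither xfsprogs code nor the refactored geometry setup Dave points to: the superblock-derived m_ialloc_blks is validated before the rounding division from lines 663-665 runs, so a fuzzed zero is rejected as a corrupt image instead of trapping with SIGFPE. The result struct, the inopblog shift standing in for XFS_FSB_TO_INO, and the sample values are assumptions constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Result of the geometry calculation: constructed for this example, not an
 * xfsprogs type. err is 0 or a negative errno; value is valid only on 0. */
struct maxicount_result {
    int err;
    uint64_t value;   /* m_maxicount in inodes */
};

/* Sanity-check values read straight from the on-disk superblock. A zero
 * ialloc_blks (m_ialloc_blks, fs blocks per inode chunk) is exactly the
 * fuzzed input that trapped with SIGFPE at init.c:664. inopblog stands in for
 * the log2(inodes per block) shift that XFS_FSB_TO_INO applies. */
static int validate_geometry(uint32_t ialloc_blks, uint8_t inopblog)
{
    if (ialloc_blks == 0)
        return -EINVAL;   /* would divide by zero in the rounding */
    if (inopblog >= 64)
        return -EINVAL;   /* shift width would be undefined */
    return 0;
}

/* Round maxicount (in fs blocks) down to whole inode chunks, as lines 663-665
 * did, then convert to inodes; the divisor is validated before it is used. */
struct maxicount_result compute_maxicount(uint64_t maxicount,
                                          uint32_t ialloc_blks, uint8_t inopblog)
{
    struct maxicount_result r = { validate_geometry(ialloc_blks, inopblog), 0 };
    if (r.err)
        return r;         /* reject the image instead of trapping */
    r.value = ((maxicount / ialloc_blks) * ialloc_blks) << inopblog;
    return r;
}

int main(void)
{
    /* Constructed samples: a sane geometry and a fuzzed zero divisor. */
    struct maxicount_result ok = compute_maxicount(1001, 2, 4);
    struct maxicount_result bad = compute_maxicount(1001, 0, 4);
    printf("sane:   err=%d maxicount=%llu\n", ok.err, (unsigned long long)ok.value);
    printf("fuzzed: err=%d (no division attempted)\n", bad.err);
    return 0;
}
```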