From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Tue, 10 Jan 2017 12:40:23 +0800 From: Eryu Guan Subject: Re: [PATCH v2 7/7] xfs/ext4: check negative inode size Message-ID: <20170110044023.GK1859@eguan.usersys.redhat.com> References: <148357827617.7677.15595044775254927245.stgit@birch.djwong.org> <148357832063.7677.12994144585642711957.stgit@birch.djwong.org> <20170109205518.GF14033@birch.djwong.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170109205518.GF14033@birch.djwong.org> To: "Darrick J. Wong" Cc: linux-xfs@vger.kernel.org, fstests@vger.kernel.org List-ID: On Mon, Jan 09, 2017 at 12:55:18PM -0800, Darrick J. Wong wrote: > Craft a malicious filesystem image with a negative inode size, > then try to trigger a kernel DoS by appending data to the file. > Ideally this should trigger verifier errors instead of hanging. > > Signed-off-by: Darrick J. Wong > --- > v2: use $DEBUGFS_PROG instead of debugfs; improve documentation Thanks for all the updated patches! I fixed a minor typo locally and committed. > diff --git a/tests/shared/401 b/tests/shared/401 > new file mode 100755 > index 0000000..7b61cbb > --- /dev/null > +++ b/tests/shared/401 > @@ -0,0 +1,77 @@ > +#! /bin/bash > +# FSQA Test No. 401 > +# > +# Since loff_t is a signed type, it is invalid for a filesystem to load > +# an inode with i_size = -1ULL. Unfortunately, nobody checks this, > +# which means that we can trivially DoS the VFS by creating such a file > +# and appending to it. This causes an integer overflow in the routines > +# underlying writeback, which results in the kernel locking up. > +# > +# So, create this malformed inode and try a buffered dio append to make ^^^^^^^^ I removed the "buffered" here and from xfs/401. Thanks, Eryu
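Review bot: in the header comment of tests/shared/401, "i_size = -1ULL" names a single bit pattern, while the reason given (loff_t is signed) and the commit message ("negative inode size") cover any on-disk size that reads back negative. Consider wording the comment around the general condition, for example "an inode whose on-disk size is negative when read as loff_t", and mentioning -1ULL only as the value the test writes, if that is the case. "Nobody checks this" would also hold up better over time if it named what is expected to reject the inode, which the commit message identifies as the verifiers, so a reader of the test knows that a verifier error is the passing outcome and a hang is the failure.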