From: bugzilla-daemon@bugzilla.kernel.org
To: linux-f2fs-devel@lists.sourceforge.net
Subject: [Bug 202637] New: Chmod'ed directory permission is not persisted with fsync
Date: Thu, 21 Feb 2019 03:05:57 +0000 [thread overview]
Message-ID: <bug-202637-202145@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=202637
Bug ID: 202637
Summary: Chmod'ed directory permission is not persisted with
fsync
Product: File System
Version: 2.5
Kernel Version: v5.0.0-rc7 (latest)
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: f2fs
Assignee: filesystem_f2fs@kernel-bugs.kernel.org
Reporter: seulbae@gatech.edu
Regression: No
Created attachment 281251
--> https://bugzilla.kernel.org/attachment.cgi?id=281251&action=edit
Proof of Concept
[Kernel version]
This bug can be reproduced on
kernel 5.0.0-rc7.
[Reproduce] * Use a VM, since our PoC simulates a crash by triggering a SysRq!
1. Download base image
$ wget https://gts3.org/~seulbae/fsimg/f2fs-10.image
2. Mount image
$ mkdir /tmp/f2fs
$ sudo mount -o loop f2fs-10.image /tmp/f2fs
3. Compile and run PoC
$ gcc poc.c -o poc
$ sudo ./poc /tmp/f2fs
(System reboots)
[Check]
1. Re-mount the crashed image
$ mkdir /tmp/f2fs
$ sudo mount -o loop f2fs-10.image /tmp/f2fs
2. Check inconsistency
$ stat /tmp/f2fs/foo
-> Access: (0755/drwxr-xr-x)
[Description]
In the base image, 2 directories and 7 files exist.
0: 0755 (mount_point)
+--257: 0755 foo
+--258: 0755 bar
+--259: 0644 baz (12 bytes, offset: {})
+--259: 0644 hln (12 bytes, offset: {})
+--260: 0644 xattr (0 bytes, offset: {})
+--261: 0644 acl (0 bytes, offset: {})
+--262: 0644 æøå (4 bytes, offset: {})
+--263: 0644 fifo
+--264: 0777 sln -> mnt/foo/bar/baz
The PoC basically
1. opens directory "foo",
(line 26) fd = syscall(SYS_open, "./foo", O_DIRECTORY, 0);
2. changes the permission of it to 0666,
(line 27) syscall(SYS_chmod, "./foo", 0666);
3. flushes its metadata, and then
(line 28) syscall(SYS_fsync, fd);
4. simulates a crash by rebooting right away without unmounting.
(line 30) system("echo b > /proc/sysrq-trigger");
As we run fsync operation on "foo",
we expect that the metadata regarding
the new permission is successfully flushed to disk,
and when we remount the crashed image,
we will see that "foo"'s mode is changed to 0666.
However, the directory still has its old mode, 0755.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next reply other threads:[~2019-02-21 3:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-21 3:05 bugzilla-daemon [this message]
2019-02-24 3:12 ` [Bug 202637] Chmod'ed directory permission is not persisted with fsync bugzilla-daemon
2019-02-25 19:30 ` bugzilla-daemon
2019-02-26 8:40 ` bugzilla-daemon
2019-03-16 8:03 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-202637-202145@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).