Re: Filesystem fuzzing

[Szabolcs Szakacsits <szaka-IyvsvuGDJ8VAfugRpC6u6w@public.gmane.org>]

Hi Eric,

On Mon, 19 May 2008, Eric Sesterhenn wrote:

> i do some regular filesystem fuzzing, based on a modified version
> of lmhs fsfuzzer. I try to test current -git at least once a week.
> Most modifications are adding of new filesystems or mounting
> them with different options, but i also added 
> some new tests like invoking iozone, fsx or fsstress if available
> 
> I currently test  vfat, udf, msdos, swap, iso9660, ext2,
> ext3, ext4, hfs, hfsplus, gfs2, ntfs, minix, qnx4, affs and bfs

Thanks for doing this :-)

We added ntfs-3g and fuse support, fixed the one crash and three hang 
problems it found and made a new stable ntfs-3g 1.2531 release available:

	http://ntfs-3g.org/

The fsfuzzer patch is attached below, it includes

 - fixes for potentially leaking loop device
 - simplification for mkntfs which can be used on files
 - ntfs-3g and fuse support

> if someone maintaining one of those filesystems is interested in oops 
> reports please let me know.

We would appreciate ntfs-3g testing a lot. FUSE is used by over a hundred 
file systems and ntfs-3g by many users, devices. 

Kernel changes sometimes introduced new behaviours which resulted subtle 
bugs or exposed hidded ones. We were lucky a few times, even if we're 
always looking for and keep improving the quality process.

> I can only test on a 32bit x86 box at the moment, so it might be 
> interesting if someone runs this stuff on some 64bit box or other 
> architecture.

We are using fsfuzz on x86_64 too and hopefully soon on big-endian MIPS 
and ARM.

You would only need FUSE module support in the kernel and 
'./configure && make && make install' for the ntfs-3g package. 
Then everything works just like if it were a fully in-kernel driver 
(mount -t, etc).

Ntfs-3g bug reports could go to ntfs-3g-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, fuse 
ones to fuse-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, or anywhere else, we monitor 
several lists.

If you have any question, problem then we'd be happy to answer and help any 
time.

This tool is really great. It will be very useful for hot-repair testing as
well in the future :-)

Thanks,
	   Szaka
 
diff -ur fsfuzzer-0.6-lmh.orig/fsfuzz fsfuzzer-0.6-lmh/fsfuzz
--- fsfuzzer-0.6-lmh.orig/fsfuzz	2008-05-19 12:14:33.000000000 +0300
+++ fsfuzzer-0.6-lmh/fsfuzz	2008-05-29 19:06:03.000000000 +0300
@@ -50,7 +50,7 @@
 fi
 
 if [ -x /sbin/mkfs.ntfs ] ; then
-	filesystems="$filesystems ntfs"
+	filesystems="$filesystems ntfs ntfs-3g"
 fi
 
 if [ -x /sbin/mkfs.reiserfs ] ; then
@@ -97,14 +97,14 @@
 	rm -f fs/* 2>/dev/null
 	rmdir cfs 2>/dev/null
 	rmdir fs 2>/dev/null
-	umount /media/test 2>/dev/null
+	umount -d /media/test 2>/dev/null
 	if [ -d /media/test ] ; then
 		rmdir /media/test
 	fi
 }
 
 cleanup () {
-	umount /media/test 2>/dev/null
+	umount -d /media/test 2>/dev/null
 	rmdir /media/test
 }
 
@@ -239,10 +239,8 @@
 		/sbin/mkfs.minix /dev/loop0 $BLOCKSIZE
 		losetup -d /dev/loop0
 	;;
-	ntfs)
-		losetup /dev/loop0 $file
-		/sbin/mkfs.ntfs -C -L TEST1 /dev/loop0
-		losetup -d /dev/loop0
+	ntfs|ntfs-3g)
+		/sbin/mkfs.ntfs -C -L TEST1 -F $file
 	;;
 	# Let xfs extend the file image, it needs about 16m
 	xfs) /sbin/mkfs.xfs -b size=$BLOCKSIZE -f -dname=$file >/dev/null
diff -ur fsfuzzer-0.6-lmh.orig/run_test fsfuzzer-0.6-lmh/run_test
--- fsfuzzer-0.6-lmh.orig/run_test	2008-05-19 12:13:51.000000000 +0300
+++ fsfuzzer-0.6-lmh/run_test	2008-05-29 19:08:50.000000000 +0300
@@ -24,7 +24,7 @@
 dmesg -c >/dev/null 2>&1
 
 cleanup () {
-	umount /media/test 2>/dev/null
+	umount -d /media/test 2>/dev/null
 	rmdir /media/test
 }
 
@@ -272,6 +272,35 @@
 	check_results
 fi
 
+if [ $fs = "ntfs-3g" ] ; then
+
+	mount ./cfs/$fs.$i.img /media/test -t $fs -o loop >/dev/null 2>&1
+
+	typeset ret=$?
+
+	if [ $ret -eq 0 ] ; then
+		perform_operations
+		FAULT=`/bin/ls /media/test | grep -Ei 'Transport endpoint is not connected|Software caused connection abort'`
+		if [ x"$FAULT" != "x" ] ; then
+			echo "++ Something found (`pwd`/fs/$fs.$i.img)..."
+			exit 1
+		fi
+		echo "++ unmounting ./cfs/$fs.$i.img"
+		umount -d /media/test >/dev/null 2>&1
+		if [ $? -ne 0 ] ; then
+			echo "Failed to unmount test file system"
+			exit 1
+		fi
+		sync
+	fi
+	losetup -d /dev/loop0 2> /dev/null
+	if [ $ret -eq 2 ] ; then
+		exit 1
+	fi	
+	check_results
+	exit 0
+fi
+
 mount ./cfs/$fs.$i.img /media/test -t $fs -o loop >/dev/null 2>&1
 
 




-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/