| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Jul 2017 15:22:01 +0530
From: Abdul Haleem <abdhalee@...ux.vnet.ibm.com>
To: linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>
Cc: linux-kernel <linux-kernel@...r.kernel.org>,
linux-fsdevel@...r.kernel.org,
sachinp <sachinp@...ux.vnet.ibm.com>,
chandan <chandan@...ux.vnet.ibm.com>, viro@...iv.linux.org.uk
Subject: [mainline][ext2] fsfuzzer triggered WARNING: CPU: 1 PID: 72688 at
fs/super.c:1244 mount_fs+0x200/0x220
Hi,
WARN() is being triggered when running fsfuzzer for ext2 file system on
powerpc machine running 4.12.0-rc1 kernel.
Machine : Power 8 bare-metal
Kernel : 4.12.0-rc1
gcc : 4.8.5
Test: fsfuzzer (https://github.com/stevegrubb/fsfuzzer)
trace:
-----
./run_test ext2 10
ext2 set sb->s_maxbytes to negative value (-537001984)
------------[ cut here ]------------
WARNING: CPU: 1 PID: 72688 at fs/super.c:1244 mount_fs+0x200/0x220
Modules linked in: cramfs iptable_mangle ipt_MASQUERADE
nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4
nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4
xt_tcpudp tun bridge stp llc kvm_hv kvm iptable_filter vmx_crypto
ipmi_powernv ipmi_devintf ipmi_msghandler powernv_rng leds_powernv
led_class rng_core powernv_op_panel binfmt_misc nfsd ip_tables x_tables
autofs4
CPU: 1 PID: 72688 Comm: mount Tainted: G W 4.12.0-rc1-autotest #2
task: c0000007f3bb9d00 task.stack: c0000007f04cc000
NIP: c0000000002dbf60 LR: c0000000002dbf5c CTR: c0000000006e09e0
REGS: c0000007f04cf990 TRAP: 0700 Tainted: G W (4.12.0-rc1-autotest)
MSR: 900000000282b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>
CR: 22022822 XER: 20000000
CFAR: c0000000009a8868 SOFTE: 1 #012GPR00: c0000000002dbf5c
c0000007f04cfc10 c000000001050300 0000000000000036 #012GPR04:
c0000007ff54ada0 c0000007ff561838 0000000000000000 ffffffffffffffff
#012GPR08: 0000000000000000 c000000000d31664 00000007fe820000
9000000002803003 #012GPR12: 0000000000002200 c00000000fd40580
0000000032d09198 0000000032d09188 #012GPR16: 0000000032d079dc
ffffffffffffffff 0000000000000000 0000000032d050a0 #012GPR20:
0000010002b31290 0000000000000000 00000000c0ed0000 00007fffaa291efc
#012GPR24: 0000000000000000 0000000000000000 0000000000000000
0000000000000000 #012GPR28: 0000000000000000 c0000007bab9cfc0
c000000000fcead0 c0000007e236a000
NIP [c0000000002dbf60] mount_fs+0x200/0x220
LR [c0000000002dbf5c] mount_fs+0x1fc/0x220
Call Trace:
[c0000007f04cfc10] [c0000000002dbf5c] mount_fs+0x1fc/0x220 (unreliable)
[c0000007f04cfcc0] [c0000000003032cc] vfs_kern_mount+0x5c/0x180
[c0000007f04cfd10] [c000000000307c48] do_mount+0x278/0xee0
[c0000007f04cfde0] [c000000000308cb4] SyS_mount+0x94/0x100
[c0000007f04cfe30] [c00000000000b7e0] system_call+0x38/0xfc
Instruction dump:
4182fe84 4bffff70 60000000 60420000 3b800000 3b400000 4bfffe6c e89e0000
3c62ffb6 3863a5f0 486cc8d1 60000000 <0fe00000> 4bfffedc 60000000
60000000
---[ end trace 94263d5270c2cf71 ]---
from file fs/super.c in function mount_fs() a WARN() is being triggered.
error = security_sb_kern_mount(sb, flags, secdata);
if (error)
goto out_sb;
/*
* filesystems should never set s_maxbytes larger than
MAX_LFS_FILESIZE
* but s_maxbytes was an unsigned long long for many releases. Throw
* this warning for a little while to try and catch filesystems that
* violate this rule.
*/
>>> WARN((sb->s_maxbytes < 0), "%s set sb->s_maxbytes to "
"negative value (%lld)\n", type->name, sb->s_maxbytes);
up_write(&sb->s_umount);
free_secdata(secdata);
return root;
--
Regard's
Abdul Haleem
IBM Linux Technology Centre
View attachment "Tul-NV-config" of type "text/plain" (86717 bytes)
Powered by blists - more mailing lists