Date:   Mon, 07 Jun 2021 16:03:57 +0000
Subject: [Bug 213357] New: chattr +e writes invalid checksum to extent block

            Bug ID: 213357
           Summary: chattr +e writes invalid checksum to extent block
           Product: File System
           Version: 2.5
    Kernel Version: 5.13.0-rc4
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
        Regression: No

Created attachment 297207
Reproduction script


Converting a file previously using (ext2/3) blocklists to ext4 extents using
chattr +e makes the kernel write an invalid checksum to the extent block (if
one needs to be written because of the metadata_csum feature & there being more
than 4 extents). Because of inode caching, this won't be obvious until the
inode has been evicted from the cache, or the filesystem is remounted. The
checksum errors are trivially correctable using e2fsck.


In short:

* Create a large enough file on an ext3 filesystem to have it 5+ discontinuous
ranges of blocks
* Add 'extent' and 'metadata_csum' feature to the filesystem
* chattr +e the file
* Reload the filesystem/clear inode cache

See for full steps.


* Reading the file gives I/O errors (EXT4-fs error: ext4_find_extent:885: inode
#12: comm cat: pblk 17591 bad header/extent: extent tree corrupted - magic
f30a, entries 6, max 340(340), depth 0(0))
* e2fsck reports checksum mismatch (ext2fs_block_iterate3: Extent block
checksum does not match extent block)


Besides the system where I originally found the bug, I reproduced it with 3
Debian versions (Stretch, Buster, Bullseye rc1), and additionally Bullseye with
vanilla 5.13.0-rc4 kernel built from source tarball: so, kernel
versions spanning 4.9 to 5.13.

The reproduction script is destructive to the provided device.
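
An offline way to check the tail checksum of an extent block against the inode it belongs to, as an added example (not part of the bug report or its attached script). It assumes metadata_csum without the separate csum_seed feature and 4 KiB blocks; the function names and the sample UUID are constructed for illustration.

```python
import struct

EXT4_EXT_MAGIC = 0xF30A          # "magic f30a" in the kernel message
HDR = struct.Struct("<HHHHI")    # eh_magic, eh_entries, eh_max, eh_depth, eh_generation
EXTENT_SIZE = 12                 # size of one on-disk extent or index entry

def _make_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table

_TABLE = _make_table()

def crc32c_raw(crc, data):
    """CRC32C update without the final inversion, matching the kernel's crc32c()."""
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc

def inode_csum_seed(fs_uuid, ino, generation):
    """Per-inode seed: filesystem UUID, then inode number, then i_generation."""
    seed = crc32c_raw(0xFFFFFFFF, fs_uuid)
    seed = crc32c_raw(seed, struct.pack("<I", ino))
    return crc32c_raw(seed, struct.pack("<I", generation))

def check_extent_block(block, fs_uuid, ino, generation):
    """Return 'ok', 'bad magic', 'bad header' or 'checksum mismatch'."""
    if len(block) < HDR.size:
        return "bad header"
    magic, entries, emax, _depth, _gen = HDR.unpack_from(block)
    if magic != EXT4_EXT_MAGIC:
        return "bad magic"
    tail = HDR.size + EXTENT_SIZE * emax      # checksum sits right after eh_max slots
    if entries > emax or tail + 4 > len(block):
        return "bad header"
    (stored,) = struct.unpack_from("<I", block, tail)
    want = crc32c_raw(inode_csum_seed(fs_uuid, ino, generation), block[:tail])
    return "ok" if stored == want else "checksum mismatch"

def build_block(fs_uuid, ino, generation, entries=6, block_size=4096):
    """Constructed sample: a depth-0 extent block with a valid tail checksum."""
    emax = (block_size - HDR.size) // EXTENT_SIZE          # 340 for 4 KiB blocks
    body = HDR.pack(EXT4_EXT_MAGIC, entries, emax, 0, 0)
    body = body.ljust(HDR.size + EXTENT_SIZE * emax, b"\0")
    csum = crc32c_raw(inode_csum_seed(fs_uuid, ino, generation), body)
    return body + struct.pack("<I", csum)
```

Because the seed covers the inode number and generation, a block that is intact byte for byte still fails verification when it is checked against a different inode's seed.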
