Date:   Mon, 11 Jul 2022 15:32:13 +0800
From:   Sun Ke <sunke32@...wei.com>
To:     Zorro Lang <zlang@...nel.org>
CC:     <fstests@...r.kernel.org>, <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH v2 1/2] ext4: resize fs after resize_inode without e2fsck



On 2022/7/9 0:16, Zorro Lang wrote:
> On Fri, Jul 08, 2022 at 07:21:54PM +0800, Sun Ke wrote:
>> Forgetting to run the requested e2fsck after resize_inode, then resizing the fs,
>> will trigger a null pointer dereference.
>>
>> Regression test for commit b55c3cd102a6 ext4: add reserved GDT blocks
>> check.
>>
>> Signed-off-by: Sun Ke <sunke32@...wei.com>
>> ---
>>   tests/ext4/057     | 44 ++++++++++++++++++++++++++++++++++++++++++++
>>   tests/ext4/057.out |  2 ++
>>   2 files changed, 46 insertions(+)
>>   create mode 100755 tests/ext4/057
>>   create mode 100644 tests/ext4/057.out
>>
>> diff --git a/tests/ext4/057 b/tests/ext4/057
>> new file mode 100755
>> index 00000000..125f841a
>> --- /dev/null
>> +++ b/tests/ext4/057
>> @@ -0,0 +1,44 @@
>> +#! /bin/bash
>> +# SPDX-License-Identifier: GPL-2.0
>> +# Copyright (c) 2022 HUAWEI.  All Rights Reserved.
>> +#
>> +# FS QA Test 057
>> +#
>> +# Forget to run requested e2fsck after resize_inode, then resize fs,
>> +# it will trigger off null pointer.
>> +#
>> +# Regression test for commit
>> +# b55c3cd102a6 ext4: add reserved GDT blocks check
>> +#
>> +. ./common/preamble
>> +_begin_fstest auto resize quick
>> +
>> +# real QA test starts here
>> +
>> +# Modify as appropriate.
>> +_supported_fs ext4
>> +_fixed_by_kernel_commit b55c3cd102a6 \
>> +	"ext4: add reserved GDT blocks check"
>> +
>> +_require_scratch
>> +_require_command "$TUNE2FS_PROG" tune2fs
>> +_require_command "$RESIZE2FS_PROG" resize2fs
>> +_require_scratch_size $((1024 * 1024)) #kB
>> +
>> +# set fs size 512M
>> +dev_size=$((512 * 1024 * 1024))
>> +_scratch_mkfs_sized $dev_size >$seqres.full 2>&1
>> +
>> +# forget to run requested e2fsck after resize_inode
>> +$TUNE2FS_PROG -O ^resize_inode $SCRATCH_DEV >$seqres.full 2>&1
> 
> Please use an appending write ">>$seqres.full", to avoid seqres.full being
> overwritten.
> 
> I think we don't need to filter out the error output; we don't expect
> there to be an error, so if it fails, how about outputting the errors to break
> the golden image (to remind the testers)?
> 
>> +
>> +_scratch_mount
>> +
>> +# resize fs will trigger NULL pointer in ext4_flex_group_add
>> +$RESIZE2FS_PROG $SCRATCH_DEV 1G >$seqres.full 2>&1
> 
> Appending write too...
> 
> I'm not sure what the necessary condition to reproduce the bug is. Do you
> mean that resizing the fs will trigger the bug? But after:
> 
>    # tune2fs -O ^resize_inode /dev/sda3
> 
> Then resize2fs always gets:
> 
>    # resize2fs /dev/sda3 3g
>    resize2fs 1.45.6 (20-Mar-2020)
>    Please run 'e2fsck -f /dev/sda3' first.
> 
> Looks like the resizing isn't actually run; is that what you really want?
> I've tried to review this patch from the fstests side, but it would be better to get some
> review points from the ext4 developers, to help make sure of that.
> 
> Thanks,
> Zorro
If I comment out the resizefs line, the test passes.
But if not, it panics, and it also takes about 1 second.
So I think resizefs is necessary.

[  113.378201] run fstests ext4/057 at 2022-07-11 11:39:19
[  OK  ] Started /usr/bin/bash -c test -w /p…_score_adj; exec ./tests/ext4/057.
[  113.747013] EXT4-fs (sdb): warning: mounting unchecked fs, running e2fsck is recommended
[  113.779534] BUG: kernel NULL pointer dereference, address: 0000000000000028
[  113.781657] #PF: supervisor read access in kernel mode
[  113.783250] #PF: error_code(0x0000) - not-present page
[  113.784747] PGD 10d22b067 P4D 10d22b067 PUD 10c2e8067 PMD 0
[  113.786360] Oops: 0000 [#1] PREEMPT SMP
[  113.787514] CPU: 2 PID: 3359 Comm: resize2fs Not tainted 5.18.0-rc3-00087-g98d40e76652e #3
[  113.789980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[  113.792566] RIP: 0010:ext4_flex_group_add+0xe06/0x2530
[  113.794106] Code: 83 05 e5 2d 25 0c 01 48 85 c0 0f 84 16 fd ff ff 48 8b 44 24 28 be 40 0c 00 00 48 83 05 d2 2d 25 0c 01 48 83 05 6a 2b 25 0c 01 <48> 8b 68 28 48 83 05 0e 20 25 0c 01 48 8b 95 78 03 00 00 48 8b 42
[  113.799408] RSP: 0018:ffffc900047a7c48 EFLAGS: 00010202
[  113.800857] RAX: 0000000000000000 RBX: ffff88810633e3a8 RCX: 0000000055555557
[  113.802753] RDX: ffff88810b144400 RSI: 0000000000000c40 RDI: 00000000aaaaaaab
[  113.804627] RBP: 000000000000003f R08: 0000000000000001 R09: 0000000000000001
[  113.806518] R10: 0000000000000000 R11: 00000000fffd2755 R12: 0000000000000005
[  113.808071] R13: ffff88810d279800 R14: 0000000000000000 R15: 0000000000000005
[  113.809540] FS:  00007f6aca9d2bc0(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
[  113.811216] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  113.812404] CR2: 0000000000000028 CR3: 0000000106afc000 CR4: 00000000000006e0
[  113.814078] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  113.815707] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  113.817212] Call Trace:
[  113.817744]  <TASK>
[  113.818221]  ? __kmalloc+0x21e/0x5c0
[  113.818955]  ext4_resize_fs+0xbe4/0x1640
[  113.819778]  __ext4_ioctl+0x1e75/0x26a0
[  113.820597]  ? putname+0x75/0xa0
[  113.821284]  ? kmem_cache_free+0x1a7/0x690
[  113.822139]  ? putname+0x75/0xa0
[  113.822801]  ? do_sys_openat2+0x2a8/0x4f0
[  113.823644]  ext4_ioctl+0x12/0x20
[  113.824352]  __x64_sys_ioctl+0xa3/0x110
[  113.825171]  do_syscall_64+0x35/0x80
[  113.825919]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  113.826969] RIP: 0033:0x7f6ac9b06577

I will continue to improve this based on your suggestions in v3.

Thanks,
Sun Ke
> 
>> +
>> +echo "Silence is golden"
>> +
>> +# success, all done
>> +status=0
>> +exit
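Review bot: the exit statuses of both tune2fs and resize2fs are discarded and their stderr is sent to $seqres.full, so if tune2fs cannot clear resize_inode, or resize2fs refuses with "Please run 'e2fsck -f' first" instead of issuing the online-resize ioctl, the test still echoes "Silence is golden" and passes without ever exercising the code path it is meant to cover; either let the error text reach the golden output or fail explicitly, e.g. `$RESIZE2FS_PROG $SCRATCH_DEV 1G >>$seqres.full 2>&1 || _fail "resize2fs failed"`. The same two lines use truncating redirections (`>$seqres.full`), so the mkfs output and any tune2fs diagnostics are overwritten before a failure can be examined; `>>` is the convention elsewhere in fstests. The leftover template comment `# Modify as appropriate.` above `_supported_fs ext4` should be dropped.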
>> diff --git a/tests/ext4/057.out b/tests/ext4/057.out
>> new file mode 100644
>> index 00000000..185023c7
>> --- /dev/null
>> +++ b/tests/ext4/057.out
>> @@ -0,0 +1,2 @@
>> +QA output created by 057
>> +Silence is golden
>> -- 
>> 2.13.6
>>