[LTP] [PATCH v2] fsconfig: New case cover CVE-2022-0185

Wei Gao wegao@suse.com
Fri Feb 10 10:00:49 CET 2023


On Fri, Feb 10, 2023 at 03:22:08AM -0500, Wei Gao via ltp wrote:
> On Thu, Feb 09, 2023 at 03:52:37PM +0100, Cyril Hrubis wrote:
> > Hi!
> 
> > > Results on my machine (6.2.0-rc6)
> > > 
> > > tst_test.c:1634: TINFO: === Testing on ext2 ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with ext2 opts='' extra opts=''
> > > mke2fs 1.46.5 (30-Dec-2021)
> > > note ext2 is *not* using new mount API
> > > fsconfig03.c:50: TPASS: fsconfig() overflow on ext2 haven't triggerred crash
> > > tst_test.c:1634: TINFO: === Testing on ext3 ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with ext3 opts='' extra opts=''
> > > mke2fs 1.46.5 (30-Dec-2021)
> > > fsconfig03.c:50: TPASS: fsconfig() overflow on ext3 haven't triggerred crash
> > > tst_test.c:1634: TINFO: === Testing on ext4 ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with ext4 opts='' extra opts=''
> > > mke2fs 1.46.5 (30-Dec-2021)
> > > fsconfig03.c:50: TPASS: fsconfig() overflow on ext4 haven't triggerred crash
> > > tst_test.c:1634: TINFO: === Testing on xfs ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with xfs opts='' extra opts=''
> > > fsconfig03.c:50: TPASS: fsconfig() overflow on xfs haven't triggerred crash
> > > tst_test.c:1634: TINFO: === Testing on btrfs ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with btrfs opts='' extra opts=''
> > > fsconfig03.c:44: TFAIL: fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0) succeeded
> > > Btrfs should be investigated (IMHO btrfs is using new mount API).
> > > 
> > > tst_test.c:1634: TINFO: === Testing on vfat ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with vfat opts='' extra opts=''
> > > fsconfig03.c:44: TFAIL: fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0) succeeded
> > > 
> > > tst_test.c:1634: TINFO: === Testing on exfat ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with exfat opts='' extra opts=''
> > > fsconfig03.c:50: TPASS: fsconfig() overflow on exfat haven't triggerred crash
> > > Interesting, exfat works :) It also uses new mount API.
> > > 
> > > tst_test.c:1634: TINFO: === Testing on ntfs ===
> > > tst_test.c:1093: TINFO: Formatting /dev/loop0 with ntfs opts='' extra opts=''
> > > The partition start sector was not specified for /dev/loop0 and it could not be obtained automatically.  It has been set to 0.
> > > The number of sectors per track was not specified for /dev/loop0 and it could not be obtained automatically.  It has been set to 0.
> > > The number of heads was not specified for /dev/loop0 and it could not be obtained automatically.  It has been set to 0.
> > > To boot from a device, Windows needs the 'partition start sector', the 'sectors per track' and the 'number of heads' to be set.
> > > Windows will not be able to boot from this device.
> > > fsconfig03.c:29: TBROK: fsopen() failed: ENODEV (19)
> > > Hm, that's strange
> > 
> > ENODEV means that the filesystem is not compiled into the kernel, that's strange,
> > that would mean that you have a broken system, e.g. kernel modules that
> > support these filesystems are not installed properly or something like
> > that.
> > 
> > If you look at fs/filesystems.c the get_fs_type() function called from
> > the fsopen() uses the very same array that is used by the
> > /proc/filesystems we parse in LTP to get list of supported filesystems.
> > 
> > This is the place where you can get ENODEV:
> > 
> > https://elixir.bootlin.com/linux/latest/source/fs/fsopen.c#L132
> > 
> > And this is the place where it can fail:
> > 
> > https://elixir.bootlin.com/linux/latest/source/fs/filesystems.c#L261
> > 
> > > Due to the above, I suggest this:
> > > 	.skip_filesystems = (const char *const []){"ntfs", "vfat", NULL},
> > 
> 
> Result on my machine (6.0.0-rc5): the ntfs check did not fail with ENODEV but showed "succeeded" when doing fsconfig.
> I will do a further check on btrfs to see why it shows success, and will notify you once I have a result.
> 
> 
> tst_test.c:1634: TINFO: === Testing on ext2 ===
> tst_test.c:1093: TINFO: Formatting /dev/loop0 with ext2 opts='' extra opts=''
> mke2fs 1.46.6 (1-Feb-2023)
> fsconfig03.c:50: TPASS: fsconfig() overflow on ext2 haven't triggerred crash
> tst_test.c:1634: TINFO: === Testing on ext3 ===
> tst_test.c:1093: TINFO: Formatting /dev/loop0 with ext3 opts='' extra opts=''
> mke2fs 1.46.6 (1-Feb-2023)
> fsconfig03.c:50: TPASS: fsconfig() overflow on ext3 haven't triggerred crash
> tst_test.c:1634: TINFO: === Testing on ext4 ===
> tst_test.c:1093: TINFO: Formatting /dev/loop0 with ext4 opts='' extra opts=''
> mke2fs 1.46.6 (1-Feb-2023)
> fsconfig03.c:50: TPASS: fsconfig() overflow on ext4 haven't triggerred crash
> tst_test.c:1634: TINFO: === Testing on btrfs ===
> tst_test.c:1093: TINFO: Formatting /dev/loop0 with btrfs opts='' extra opts=''
> fsconfig03.c:44: TFAIL: fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0) succeeded
> tst_test.c:1634: TINFO: === Testing on vfat ===
> tst_test.c:1093: TINFO: Formatting /dev/loop0 with vfat opts='' extra opts=''
> fsconfig03.c:44: TFAIL: fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0) succeeded
> tst_test.c:1634: TINFO: === Testing on ntfs ===
> tst_test.c:1093: TINFO: Formatting /dev/loop0 with ntfs opts='' extra opts=''
> Failed to set locale, using default 'C'.
> The partition start sector was not specified for /dev/loop0 and it could not be obtained automatically.  It has been set to 0.
> The number of sectors per track was not specified for /dev/loop0 and it could not be obtained automatically.  It has been set to 0.
> The number of heads was not specified for /dev/loop0 and it could not be obtained automatically.  It has been set to 0.
> To boot from a device, Windows needs the 'partition start sector', the 'sectors per track' and the 'number of heads' to be set.
> Windows will not be able to boot from this device.
> fsconfig03.c:44: TFAIL: fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0) succeeded
> tst_test.c:1634: TINFO: === Testing on tmpfs ===
> tst_test.c:1093: TINFO: Skipping mkfs for TMPFS filesystem
> 

I have no idea why btrfs still does not set .init_fs_context even in kernel 6.0, so it goes through the legacy handling function,
which cannot return an error in our test case. So if we need extra test logic for btrfs.

static struct file_system_type btrfs_fs_type = {
        .owner          = THIS_MODULE,
        .name           = "btrfs",
        .mount          = btrfs_mount,
        .kill_sb        = btrfs_kill_super,
        .fs_flags       = FS_REQUIRES_DEV | FS_BINARY_MOUNTDATA,
};

static struct file_system_type btrfs_root_fs_type = {
        .owner          = THIS_MODULE,
        .name           = "btrfs",
        .mount          = btrfs_mount_root,
        .kill_sb        = btrfs_kill_super,
        .fs_flags       = FS_REQUIRES_DEV | FS_BINARY_MOUNTDATA | FS_ALLOW_IDMAP,
};



> > 
> > -- 
> > Cyril Hrubis
> > chrubis@suse.cz
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp
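
Cyril's explanation above says fsopen() resolves the name against the same registration list that /proc/filesystems prints, so a missing entry can be spotted before a test run. The following is an added example, not code from the thread or from LTP; `fs_lookup`, `enum fs_state` and `SAMPLE` are names made up here, and the sample table is constructed.

```c
#include <stdio.h>
#include <string.h>

enum fs_state { FS_ABSENT, FS_BLOCKDEV, FS_NODEV };

/* Constructed sample in /proc/filesystems format: "<flag>\t<name>\n". */
static const char SAMPLE[] = "nodev\tsysfs\nnodev\ttmpfs\n\text3\n\text4\n\tvfat\n";

/*
 * Look up an exact filesystem name in /proc/filesystems-format text.
 * FS_ABSENT is not final on a live system: get_fs_type() also tries to
 * load the filesystem module before fsopen() fails with ENODEV.
 */
enum fs_state fs_lookup(const char *table, const char *name)
{
	size_t want = strlen(name);

	while (*table) {
		const char *eol = strchr(table, '\n');
		size_t len = eol ? (size_t)(eol - table) : strlen(table);
		const char *tab = memchr(table, '\t', len);
		if (tab) {
			size_t flag = (size_t)(tab - table);	/* length of the flag column */
			size_t nlen = len - flag - 1;		/* length of the name column */
			if (nlen == want && !memcmp(tab + 1, name, want))
				return (flag == 5 && !memcmp(table, "nodev", 5))
					? FS_NODEV : FS_BLOCKDEV;
		}
		table += len + (eol ? 1 : 0);
	}
	return FS_ABSENT;
}

int main(int argc, char **argv)
{
	static const char *const label[] = { "not registered", "registered", "registered (nodev)" };
	static char buf[8192];
	FILE *f = fopen("/proc/filesystems", "r");
	const char *table = SAMPLE;	/* fall back to the constructed sample */

	if (f) {
		buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
		fclose(f);
		table = buf;
	}
	for (int i = 1; i < argc; i++)
		printf("%-8s %s\n", argv[i], label[fs_lookup(table, argv[i])]);
	return 0;
}
```

Run it with the filesystem names from the test log as arguments, for example `ext4 btrfs vfat ntfs`.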

