Message ID | 20211125080036.2211159-1-sunke32@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | ext4: test for illegal memory access caused by quota index information error | expand |
On Thu, Nov 25, 2021 at 04:00:36PM +0800, Sun Ke wrote: > The quota index information in the image is tampered, causing illegal > memory access. > It is a regression test for Kernel commit 9bf3d2033129 quota: check block > number when reading the block in quota file and commit d0e36a62bd4c > quota: correct error number in free_dqentry(). > > Signed-off-by: Sun Ke <sunke32@huawei.com> > --- > tests/ext4/054 | 36 ++++++++++++++++++++++++++++++++++++ > tests/ext4/054.out | 1 + > 2 files changed, 37 insertions(+) > create mode 100755 tests/ext4/054 > create mode 100644 tests/ext4/054.out > > diff --git a/tests/ext4/054 b/tests/ext4/054 > new file mode 100755 > index 00000000..286b5ecb > --- /dev/null > +++ b/tests/ext4/054 > @@ -0,0 +1,36 @@ > +#! /bin/bash > +# SPDX-License-Identifier: GPL-2.0 > +# Copyright (c) 2021 Huawei. All Rights Reserved. > +# > +# FS QA Test 054 > +# > +# Regression test for kernel > +# commit 9bf3d2033129 quota: check block number when reading the block in quota file > +# commit d0e36a62bd4c quota: correct error number in free_dqentry() Better to describe the test in test description as well, e.g. what's the bug and summarise how we're going to test it. > +# > +# The test is based on a testcase from Zhang Yi <yi.zhang@huawei.com>. > +# > +. ./common/preamble > +_begin_fstest auto In 'quota' group as well > + > +# real QA test starts here > + > +# Modify as appropriate. > +_require_scratch > +_supported_fs ext4 > +_require_user fsgqa > +_require_user fsgqa2 _require_command "$DEBUGFS_PROG" debugfs and use $DEBUGFS_PRG in the test. > + > +_scratch_mkfs "-F -O quota -b 1024" > $seqres.full 2>&1 Is 1k block size a required condition to reproduce the bug? Or the following debugfs command requires 1k fs? > +debugfs -w -R "zap_block -o 0 -l 1 -p 6 -f <3> 1" $SCRATCH_DEV >> $seqres.full 2>&1 Some comments are welcomed to describe the detailed test steps, e.g. explain what's the purpose of this debugfs command. > +_scratch_mount >> $seqres.full 2>&1 > +chown fsgqa:fsgqa $SCRATCH_MNT >> $seqres.full 2>&1 > +touch $SCRATCH_MNT/foo >> $seqres.full 2>&1 > +rm -f $SCRATCH_MNT/foo > +chown fsgqa2:fsgqa2 $SCRATCH_MNT >> $seqres.full 2>&1 And why we need to chown fsgqa:fsgqa first and rm the file and chown to fsgqa2 later. > + > +umount $SCRATCH_MNT Is this required to trigger the bug? If not, this could be removed, SCRATCH_DEV will be umounted after each test. > + > +# success, all done > +status=0 > +exit > diff --git a/tests/ext4/054.out b/tests/ext4/054.out > new file mode 100644 > index 00000000..03e258bb > --- /dev/null > +++ b/tests/ext4/054.out > @@ -0,0 +1 @@ > +QA output created by 054 Need "Silence is golden" to indicate this test doesn't print any output. Thanks, Eryu > -- > 2.13.6
On Sun, Nov 28, 2021 at 10:58:04PM +0800, Eryu Guan wrote: > On Thu, Nov 25, 2021 at 04:00:36PM +0800, Sun Ke wrote: > > The quota index information in the image is tampered, causing illegal > > memory access. > > It is a regression test for Kernel commit 9bf3d2033129 quota: check block > > number when reading the block in quota file and commit d0e36a62bd4c > > quota: correct error number in free_dqentry(). > > > > Signed-off-by: Sun Ke <sunke32@huawei.com> > > --- > > tests/ext4/054 | 36 ++++++++++++++++++++++++++++++++++++ > > tests/ext4/054.out | 1 + > > 2 files changed, 37 insertions(+) > > create mode 100755 tests/ext4/054 > > create mode 100644 tests/ext4/054.out > > > > diff --git a/tests/ext4/054 b/tests/ext4/054 > > new file mode 100755 > > index 00000000..286b5ecb > > --- /dev/null > > +++ b/tests/ext4/054 > > @@ -0,0 +1,36 @@ > > +#! /bin/bash > > +# SPDX-License-Identifier: GPL-2.0 > > +# Copyright (c) 2021 Huawei. All Rights Reserved. > > +# > > +# FS QA Test 054 > > +# > > +# Regression test for kernel > > +# commit 9bf3d2033129 quota: check block number when reading the block in quota file > > +# commit d0e36a62bd4c quota: correct error number in free_dqentry() > > Better to describe the test in test description as well, e.g. what's the > bug and summarise how we're going to test it. > > > +# > > +# The test is based on a testcase from Zhang Yi <yi.zhang@huawei.com>. > > +# > > +. ./common/preamble > > +_begin_fstest auto > > In 'quota' group as well > > > + > > +# real QA test starts here > > + > > +# Modify as appropriate. > > +_require_scratch > > +_supported_fs ext4 > > +_require_user fsgqa > > +_require_user fsgqa2 > > _require_command "$DEBUGFS_PROG" debugfs > > and use $DEBUGFS_PRG in the test. > > > + > > +_scratch_mkfs "-F -O quota -b 1024" > $seqres.full 2>&1 > > Is 1k block size a required condition to reproduce the bug? Or the > following debugfs command requires 1k fs? > > > +debugfs -w -R "zap_block -o 0 -l 1 -p 6 -f <3> 1" $SCRATCH_DEV >> $seqres.full 2>&1 Also, this corrupts the filesystem, and post-test fsck complains fs corruption. We need _require_scratch_nocheck instead of _require_scratch Thanks, Eryu > > Some comments are welcomed to describe the detailed test steps, e.g. > explain what's the purpose of this debugfs command. > > > +_scratch_mount >> $seqres.full 2>&1 > > +chown fsgqa:fsgqa $SCRATCH_MNT >> $seqres.full 2>&1 > > +touch $SCRATCH_MNT/foo >> $seqres.full 2>&1 > > +rm -f $SCRATCH_MNT/foo > > +chown fsgqa2:fsgqa2 $SCRATCH_MNT >> $seqres.full 2>&1 > > And why we need to chown fsgqa:fsgqa first and rm the file and chown to > fsgqa2 later. > > > + > > +umount $SCRATCH_MNT > > Is this required to trigger the bug? If not, this could be removed, > SCRATCH_DEV will be umounted after each test. > > > + > > +# success, all done > > +status=0 > > +exit > > diff --git a/tests/ext4/054.out b/tests/ext4/054.out > > new file mode 100644 > > index 00000000..03e258bb > > --- /dev/null > > +++ b/tests/ext4/054.out > > @@ -0,0 +1 @@ > > +QA output created by 054 > > Need "Silence is golden" to indicate this test doesn't print any output. > > Thanks, > Eryu > > > -- > > 2.13.6
Hi, Eryu Sorry for the delay in replaying. 在 2021/11/28 22:58, Eryu Guan 写道: > On Thu, Nov 25, 2021 at 04:00:36PM +0800, Sun Ke wrote: >> The quota index information in the image is tampered, causing illegal >> memory access. >> It is a regression test for Kernel commit 9bf3d2033129 quota: check block >> number when reading the block in quota file and commit d0e36a62bd4c >> quota: correct error number in free_dqentry(). >> >> Signed-off-by: Sun Ke <sunke32@huawei.com> >> --- >> tests/ext4/054 | 36 ++++++++++++++++++++++++++++++++++++ >> tests/ext4/054.out | 1 + >> 2 files changed, 37 insertions(+) >> create mode 100755 tests/ext4/054 >> create mode 100644 tests/ext4/054.out >> >> diff --git a/tests/ext4/054 b/tests/ext4/054 >> new file mode 100755 >> index 00000000..286b5ecb >> --- /dev/null >> +++ b/tests/ext4/054 >> @@ -0,0 +1,36 @@ >> +#! /bin/bash >> +# SPDX-License-Identifier: GPL-2.0 >> +# Copyright (c) 2021 Huawei. All Rights Reserved. >> +# >> +# FS QA Test 054 >> +# >> +# Regression test for kernel >> +# commit 9bf3d2033129 quota: check block number when reading the block in quota file >> +# commit d0e36a62bd4c quota: correct error number in free_dqentry() > > Better to describe the test in test description as well, e.g. what's the > bug and summarise how we're going to test it. > >> +# >> +# The test is based on a testcase from Zhang Yi <yi.zhang@huawei.com>. >> +# >> +. ./common/preamble >> +_begin_fstest auto > > In 'quota' group as well > >> + >> +# real QA test starts here >> + >> +# Modify as appropriate. >> +_require_scratch >> +_supported_fs ext4 >> +_require_user fsgqa >> +_require_user fsgqa2 > > _require_command "$DEBUGFS_PROG" debugfs > > and use $DEBUGFS_PRG in the test. > >> + >> +_scratch_mkfs "-F -O quota -b 1024" > $seqres.full 2>&1 > > Is 1k block size a required condition to reproduce the bug? Or the > following debugfs command requires 1k fs? the following debugfs command requires 1k fs > >> +debugfs -w -R "zap_block -o 0 -l 1 -p 6 -f <3> 1" $SCRATCH_DEV >> $seqres.full 2>&1 > > Some comments are welcomed to describe the detailed test steps, e.g. > explain what's the purpose of this debugfs command. > >> +_scratch_mount >> $seqres.full 2>&1 >> +chown fsgqa:fsgqa $SCRATCH_MNT >> $seqres.full 2>&1 >> +touch $SCRATCH_MNT/foo >> $seqres.full 2>&1 >> +rm -f $SCRATCH_MNT/foo >> +chown fsgqa2:fsgqa2 $SCRATCH_MNT >> $seqres.full 2>&1 > > And why we need to chown fsgqa:fsgqa first and rm the file and chown to > fsgqa2 later. > >> + >> +umount $SCRATCH_MNT > > Is this required to trigger the bug? If not, this could be removed, > SCRATCH_DEV will be umounted after each test. > >> + >> +# success, all done >> +status=0 >> +exit >> diff --git a/tests/ext4/054.out b/tests/ext4/054.out >> new file mode 100644 >> index 00000000..03e258bb >> --- /dev/null >> +++ b/tests/ext4/054.out >> @@ -0,0 +1 @@ >> +QA output created by 054 > > Need "Silence is golden" to indicate this test doesn't print any output. > > Thanks, > Eryu > >> -- >> 2.13.6 > . > I will improve it in V2. Thanks, Sun Ke
diff --git a/tests/ext4/054 b/tests/ext4/054 new file mode 100755 index 00000000..286b5ecb --- /dev/null +++ b/tests/ext4/054 @@ -0,0 +1,36 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (c) 2021 Huawei. All Rights Reserved. +# +# FS QA Test 054 +# +# Regression test for kernel +# commit 9bf3d2033129 quota: check block number when reading the block in quota file +# commit d0e36a62bd4c quota: correct error number in free_dqentry() +# +# The test is based on a testcase from Zhang Yi <yi.zhang@huawei.com>. +# +. ./common/preamble +_begin_fstest auto + +# real QA test starts here + +# Modify as appropriate. +_require_scratch +_supported_fs ext4 +_require_user fsgqa +_require_user fsgqa2 + +_scratch_mkfs "-F -O quota -b 1024" > $seqres.full 2>&1 +debugfs -w -R "zap_block -o 0 -l 1 -p 6 -f <3> 1" $SCRATCH_DEV >> $seqres.full 2>&1 +_scratch_mount >> $seqres.full 2>&1 +chown fsgqa:fsgqa $SCRATCH_MNT >> $seqres.full 2>&1 +touch $SCRATCH_MNT/foo >> $seqres.full 2>&1 +rm -f $SCRATCH_MNT/foo +chown fsgqa2:fsgqa2 $SCRATCH_MNT >> $seqres.full 2>&1 + +umount $SCRATCH_MNT + +# success, all done +status=0 +exit diff --git a/tests/ext4/054.out b/tests/ext4/054.out new file mode 100644 index 00000000..03e258bb --- /dev/null +++ b/tests/ext4/054.out @@ -0,0 +1 @@ +QA output created by 054
The quota index information in the image is tampered, causing illegal memory access. It is a regression test for Kernel commit 9bf3d2033129 quota: check block number when reading the block in quota file and commit d0e36a62bd4c quota: correct error number in free_dqentry(). Signed-off-by: Sun Ke <sunke32@huawei.com> --- tests/ext4/054 | 36 ++++++++++++++++++++++++++++++++++++ tests/ext4/054.out | 1 + 2 files changed, 37 insertions(+) create mode 100755 tests/ext4/054 create mode 100644 tests/ext4/054.out