[Bug 259105] ext2fs would be more robust if it checked the type of inode 2

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 12 Oct 2021 14:56:14 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259105

            Bug ID: 259105
           Summary: ext2fs would be more robust if it checked the type of
                    inode 2
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu

Created attachment 228627
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=228627&action=edit
An ext2 file system with a damaged root i-node.

ext2fs is willing to mount a file system whose root i-node
is a symbolic link, which soon causes a panic. It would be
better if ext2_root() or ext2_vget(ino=2) checked the
inode type.

I've attached a demo ext3 disk image, whose root i-node's mode
says it is a symbolic link, and whose size is 60 bytes.

# uname -a
FreeBSD stock14 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n248636-d20e9e02db3:
Thu Aug 12 05:47:18 UTC 2021    
root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
# gunzip ext38.img.gz 
# mdconfig -f ext38.img 
md0
# mount -t ext2fs -o ro /dev/md0 /mnt
# cp /mnt/a /dev/null
panic: invalid lock request for crossmp
cpuid = 0
time = 1634045804
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0063aea5b0
vpanic() at vpanic+0x187/frame 0xfffffe0063aea610
panic() at panic+0x43/frame 0xfffffe0063aea670
crossmp_vop_lock1() at crossmp_vop_lock1+0xaf/frame 0xfffffe0063aea6b0
_vn_lock() at _vn_lock+0x54/frame 0xfffffe0063aea710
lookup() at lookup+0xc2/frame 0xfffffe0063aea7b0
namei() at namei+0x388/frame 0xfffffe0063aea870
kern_statat() at kern_statat+0x12d/frame 0xfffffe0063aea9c0
sys_fstatat() at sys_fstatat+0x2f/frame 0xfffffe0063aeaac0
amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe0063aeabf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0063aeabf0

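Added example, not part of the original report and not FreeBSD's ext2fs code: a userspace pre-mount check that reads inode 2's i_mode from an ext2/ext3 image and reports whether it is a directory, which is the check the report asks ext2_root() or ext2_vget() to make. The function names and the in-memory test image are constructed for illustration; the field offsets follow the standard ext2 on-disk layout with 32-byte group descriptors (no 64bit feature).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT2_MAGIC   0xEF53u
#define EXT2_ROOTINO 2u
#define MODE_IFMT    0xF000u   /* file-type bits of i_mode */
#define MODE_IFDIR   0x4000u

static uint32_t le16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (le16(p + 2) << 16); }

/* 1: inode 2 is a directory; 0: some other type (e.g. symlink);
 * -1: short image or not ext2. Assumes 32-byte group descriptors. */
int ext2_root_is_dir(const uint8_t *img, size_t len)
{
    if (len < 2048) return -1;
    const uint8_t *sb = img + 1024;                 /* superblock */
    if (le16(sb + 56) != EXT2_MAGIC) return -1;     /* s_magic */
    uint32_t log_bs = le32(sb + 24);                /* s_log_block_size */
    if (log_bs > 6) return -1;
    uint64_t bsize = (uint64_t)1024 << log_bs;
    uint64_t isize = le32(sb + 76) == 0 ? 128 : le16(sb + 88); /* s_rev_level, s_inode_size */
    if (isize < 128 || isize > bsize) return -1;
    uint64_t gdt = ((uint64_t)le32(sb + 20) + 1) * bsize;      /* s_first_data_block + 1 */
    if (gdt + 32 > len) return -1;
    uint64_t ino = (uint64_t)le32(img + gdt + 8) * bsize       /* bg_inode_table */
                 + (EXT2_ROOTINO - 1) * isize;
    if (ino + 2 > len) return -1;
    return (le16(img + ino) & MODE_IFMT) == MODE_IFDIR;        /* i_mode */
}

static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Constructed 8 KiB image: 1 KiB blocks, inode table at block 5, rev 0. */
int check_constructed(uint16_t root_mode)
{
    static uint8_t img[8192];
    memset(img, 0, sizeof img);
    put32(img + 1024 + 20, 1);               /* s_first_data_block */
    put32(img + 1024 + 56, EXT2_MAGIC);      /* s_magic (s_state left 0) */
    put32(img + 2048 + 8, 5);                /* bg_inode_table */
    put32(img + 5 * 1024 + 128, root_mode);  /* inode 2: i_mode (i_uid left 0) */
    return ext2_root_is_dir(img, sizeof img);
}

int main(void)
{
    printf("root mode 040755  -> %d\n", check_constructed(040755));
    printf("root mode 0120777 -> %d\n", check_constructed(0120777));
    return 0;
}
```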