Re: OCFS2: [ocfs2_rename:1688 ERROR: status = -39] with four syscalls on fresh FS image
From: Anatoly Trosinenko
Date: Sun Nov 04 2018 - 03:48:53 EST
Oops, excuse me, looks like it really logs every error to dmesg. And
what about NULL dereferences on corrupted images: should they be
reported at all and if yes, publicly or privately? On one hand, OCFS2
by design operates on remote images, on the other hand, these images are
most probably served from some trusted source.
Best regards
Anatoly
On Sun, 4 Nov 2018 at 10:53, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> On Sun, Nov 04, 2018 at 10:37:34AM +0300, Anatoly Trosinenko wrote:
> > Hello,
> >
> > When fuzzing OCFS2, I got an ERROR message in dmesg output with
> > several syscalls on completely fresh, uncrafted FS image. From this
> > https://oss.oracle.com/pipermail/ocfs2-devel/2012-August/008683.html
> > it looks like ERROR messages are indicating some unexpected conditions
> > in the driver code, is it right? If so, here is how to reproduce it
> > with kvm-xfstests:
> >
> > 1) Checkout latest torvalds/master (tested with commit 71e56028), copy
> > x86_64-config-4.14 from fstests to .config, `make olddefconfig`,
> > enable CONFIG_FS then OCFS2 and compile
> > 2) Create fresh OCFS2 image:
> > $ fallocate -l 256M ocfs2
> > $ mkfs.ocfs2 -L test --fs-features=local ./ocfs2
> > $ mv ocfs2 /tmp/kvm-xfstests-$USER/ # mkfs.ocfs2 seems to not operate
> > on tmpfs that can be mounted on /tmp
> > 3) gcc --static ocfs2.c -o /tmp/kvm-xfstests-$USER/repro
> > 4) Inside the ./kvm-xfstests shell
> > root@kvm-xfstests:~# mount /vtmp
> > root@kvm-xfstests:~# mount /vtmp/ocfs2 /mnt
> > [ 17.168634] JBD2: Ignoring recovery information on journal
> > [ 17.173903] ocfs2: Mounting device (7,0) on (node local, slot 0)
> > with ordered data mode.
> > root@kvm-xfstests:~# /vtmp/repro
> > [ 20.597145] (repro,368,1):ocfs2_rename:1688 ERROR: status = -39
>
> That would be -ENOTEMPTY...
>
> > root@kvm-xfstests:~#
> >
> > Best regards
> > Anatoly
>
> > #include <sys/stat.h>
> > #include <sys/types.h>
> > #include <unistd.h>
> > #include <stdio.h>
> >
> > int main()
> > {
> > mkdir("/mnt/xyz", 0x700);
> > mkdir("/mnt/abc", 0x700);
> > symlink("/mnt", "/mnt/xyz/1");
> > rename("/mnt/abc", "/mnt/xyz");
>
> ... and this would certainly warrant that - the victim is not empty, indeed.
> AFAICS, ocfs2_rename() yells on _any_ error it's about to return. Including
> -EMLINK, etc.
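
A triage check for the exchange above, as an added example that is not part of the original thread or of the OCFS2 code: it replays the same mkdir/mkdir/symlink/rename sequence in a scratch directory on a reference filesystem, so the errno can be compared with the -39 in the dmesg line. The scratch path under /tmp and the function name replay_rename_errno are assumptions made for this example.

```c
/* Added example: replay the thread's four syscalls in a scratch directory
 * on whatever filesystem backs /tmp and report the errno from rename(2). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 if rename() succeeded, the positive errno if it failed,
 * or -1 if the setup itself could not be completed. */
int replay_rename_errno(void)
{
    char base[] = "/tmp/rename-triage-XXXXXX";   /* constructed scratch path */
    char xyz[64], abc[64], link1[64];
    int result = -1;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(xyz, sizeof xyz, "%s/xyz", base);
    snprintf(abc, sizeof abc, "%s/abc", base);
    snprintf(link1, sizeof link1, "%s/xyz/1", base);

    /* Octal 0700 so an unprivileged user can populate xyz; the original
     * reproducer ran as root. */
    if (mkdir(xyz, 0700) == 0 && mkdir(abc, 0700) == 0 &&
        symlink(base, link1) == 0) {
        /* xyz now holds one entry, so the rename target is not empty.
         * POSIX allows ENOTEMPTY or EEXIST for this case. */
        result = (rename(abc, xyz) == 0) ? 0 : errno;
    }

    /* Clean up regardless of outcome; failures here are ignored. */
    unlink(link1);
    rmdir(abc);
    rmdir(xyz);
    rmdir(base);
    return result;
}

int main(void)
{
    int e = replay_rename_errno();
    if (e < 0) { perror("setup"); return 1; }
    printf("rename -> errno %d (%s)\n", e, e ? strerror(e) : "success");
    return 0;
}
```

A matching errno on the reference filesystem indicates the logged status is ordinary rename(2) semantics for a non-empty target rather than a driver-specific failure.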