Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Oct 2021 14:56:14 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 259105] ext2fs would be more robust if it checked the type of inode 2
Message-ID:  <bug-259105-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259105

            Bug ID: 259105
           Summary: ext2fs would be more robust if it checked the type of
                    inode 2
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu

Created attachment 228627
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D228627&action=
=3Dedit
An ext2 file system with a damaged root i-node.

ext2fs is willing to mount a file system whose root i-node
is a symbolic link, which soon causes a panic. It would be
better if ext2_root() or ext2_vget(ino=3D2) checked the
inode type.

I've attached a demo ext3 disk image, whose root i-node's mode
says it is a symbolic link, and whose size is 60 bytes.

# uname -a
FreeBSD stock14 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n248636-d20e9e02d=
b3:
Thu Aug 12 05:47:18 UTC 2021=20=20=20=20
root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
# gunzip ext38.img.gz=20
# mdconfig -f ext38.img=20
md0
# mount -t ext2fs -o ro /dev/md0 /mnt
# cp /mnt/a /dev/null
panic: invalid lock request for crossmp
cpuid =3D 0
time =3D 1634045804
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0063aea=
5b0
vpanic() at vpanic+0x187/frame 0xfffffe0063aea610
panic() at panic+0x43/frame 0xfffffe0063aea670
crossmp_vop_lock1() at crossmp_vop_lock1+0xaf/frame 0xfffffe0063aea6b0
_vn_lock() at _vn_lock+0x54/frame 0xfffffe0063aea710
lookup() at lookup+0xc2/frame 0xfffffe0063aea7b0
namei() at namei+0x388/frame 0xfffffe0063aea870
kern_statat() at kern_statat+0x12d/frame 0xfffffe0063aea9c0
sys_fstatat() at sys_fstatat+0x2f/frame 0xfffffe0063aeaac0
amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe0063aeabf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0063aeabf0

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-259105-227>