Bug 259105 - ext2fs would be more robust if it checked the type of inode 2
Summary: ext2fs would be more robust if it checked the type of inode 2
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-12 14:56 UTC by Robert Morris
Modified: 2022-01-06 07:46 UTC (History)
2 users (show)

See Also:


Attachments
An ext2 file system with a damaged root i-node. (1.51 KB, application/x-gzip)
2021-10-12 14:56 UTC, Robert Morris
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Morris 2021-10-12 14:56:14 UTC
Created attachment 228627 [details]
An ext2 file system with a damaged root i-node.

ext2fs is willing to mount a file system whose root i-node
is a symbolic link, which soon causes a panic. It would be
better if ext2_root() or ext2_vget(ino=2) checked the
inode type.

I've attached a demo ext3 disk image, whose root i-node's mode
says it is a symbolic link, and whose size is 60 bytes.

# uname -a
FreeBSD stock14 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n248636-d20e9e02db3: Thu Aug 12 05:47:18 UTC 2021     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
# gunzip ext38.img.gz 
# mdconfig -f ext38.img 
md0
# mount -t ext2fs -o ro /dev/md0 /mnt
# cp /mnt/a /dev/null
panic: invalid lock request for crossmp
cpuid = 0
time = 1634045804
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0063aea5b0
vpanic() at vpanic+0x187/frame 0xfffffe0063aea610
panic() at panic+0x43/frame 0xfffffe0063aea670
crossmp_vop_lock1() at crossmp_vop_lock1+0xaf/frame 0xfffffe0063aea6b0
_vn_lock() at _vn_lock+0x54/frame 0xfffffe0063aea710
lookup() at lookup+0xc2/frame 0xfffffe0063aea7b0
namei() at namei+0x388/frame 0xfffffe0063aea870
kern_statat() at kern_statat+0x12d/frame 0xfffffe0063aea9c0
sys_fstatat() at sys_fstatat+0x2f/frame 0xfffffe0063aeaac0
amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe0063aeabf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0063aeabf0
Comment 1 commit-hook freebsd_committer freebsd_triage 2021-12-30 06:15:59 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ced21728223016429242d1f7cd5e8a160c8a88cb

commit ced21728223016429242d1f7cd5e8a160c8a88cb
Author:     Fedor Uporov <fsu@FreeBSD.org>
AuthorDate: 2021-12-24 14:11:25 +0000
Commit:     Fedor Uporov <fsu@FreeBSD.org>
CommitDate: 2021-12-30 06:14:45 +0000

    Add more accurate check for root inode

    Check that root inode has links and is directory.

    PR:             259105
    Reported by:    Robert Morris
    MFC after:      2 weeks

 sys/fs/ext2fs/ext2_inode_cnv.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)