Re: [PATCH 2/2] fstests: test dirty pipe vulnerability issue of CVE-2022-0847

From: Zorro Lang <zlang@redhat.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: Dave Chinner <david@fromorbit.com>, fstests@vger.kernel.org
Subject: Re: [PATCH 2/2] fstests: test dirty pipe vulnerability issue of CVE-2022-0847
Date: Wed, 23 Mar 2022 01:13:09 +0800	[thread overview]
Message-ID: <20220322171309.hyptb5dbk764zfad@zlang-mailbox> (raw)
In-Reply-To: <20220322155244.GK8200@magnolia>

On Tue, Mar 22, 2022 at 08:52:44AM -0700, Darrick J. Wong wrote:
> On Tue, Mar 22, 2022 at 08:30:02PM +0800, Zorro Lang wrote:
> > On Tue, Mar 22, 2022 at 04:35:55PM +1100, Dave Chinner wrote:
> > > On Mon, Mar 21, 2022 at 07:03:41PM +0800, Zorro Lang wrote:
> > > > diff --git a/tests/generic/999 b/tests/generic/999
> > > > new file mode 100755
> > > > index 00000000..2488e455
> > > > --- /dev/null
> > > > +++ b/tests/generic/999
> > > > @@ -0,0 +1,54 @@
> > > > +#! /bin/bash
> > > > +# SPDX-License-Identifier: GPL-2.0
> > > > +# Copyright (c) 2022 Red Hat, Inc.  All Rights Reserved.
> > > > +#
> > > > +# FS QA Test No. 999
> > > > +#
> > > > +# Test for the Dirty Pipe vulnerability (CVE-2022-0847) caused by an
> > > > +# uninitialized  "pipe_buffer.flags" variable, which fixed by:
> > > > +#   9d2231c5d74e ("lib/iov_iter: initialize "flags" in new pipe_buffer")
> > > > +#
> > > > +. ./common/preamble
> > > > +_begin_fstest auto quick
> > > > +
> > > > +_cleanup()
> > > > +{
> > > > +	cd /
> > > > +	rm -f $tmp.*
> > > > +	rm -f $TEST_DIR/testfile.$seq
> > > > +}
> > > 
> > > Just leave the test file lying around so this can use the default
> > > cleanup method. The test device is supposed to gather random
> > > cruft as tests run....
> > 
> > Got that, I'll keep this file, and turn to use default _cleanup.
> > 
> > > 
> > > > +
> > > > +# real QA test starts here
> > > > +_supported_fs generic
> > > > +_require_test
> > > > +_require_user
> > > > +_require_chmod
> > > > +_require_test_program "splice2pipe"
> > > > +
> > > > +localfile=$TEST_DIR/testfile.$seq
> > > 
> > > .... and remove the file here as part of test setup with:
> > > 
> > > rm -f $localfile
> > 
> > Just curious, I've used xfs_io "-t" option to truncate $localfile before testing:
> > $XFS_IO_PROG -f -t -c "pwrite 0 4k -S 0xff" $localfile
> > 
> > Can that instead of the "rm -f $localfile" ?
> 
> Open-and-truncate isn't safe here because some other (buggy) test might
> run 'mkfifo $TEST_DIR/testfile.XXX' and now opening the pipe will hang
> fstests.  It's ok for the scratch fs because you have to mkfs it, but as
> Dave said, the test fs slowly accumulates cruft over time.

Make sense, Thanks! I'll change that.

Thanks,
Zorro

> 
> --D
> 
> > (As both patches need to change, I'd like to change the 1st patch's g/404 in next
> > version patch together, if no objection)
> > 
> > Thanks,
> > Zorro
> > 
> > > 
> > > Otherwise looks fine.
> > > 
> > > Cheers,
> > > 
> > > Dave.
> > > -- 
> > > Dave Chinner
> > > david@fromorbit.com
> > > 
> > 
> 