From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755010Ab2I0VD5 (ORCPT ); Thu, 27 Sep 2012 17:03:57 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:52215 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754623Ab2I0VDx (ORCPT ); Thu, 27 Sep 2012 17:03:53 -0400 X-Sasl-enc: q0sqc9e/on/bMQjum61mKo9RS3GHvyITnDIlObPnBtkL 1348779831 Date: Thu, 27 Sep 2012 14:03:35 -0700 From: Greg KH To: Geert Uytterhoeven Cc: Phillip Lougher , Cyril Strejc , phillip@squashfs.org.uk, squashfs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [Squashfs-devel] PROBLEM: mount empty SquashFS Message-ID: <20120927210335.GA3468@kroah.com> References: <5017A064.1030605@unicontrols.cz> <5018AFA8.8070709@lougher.demon.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 04, 2012 at 08:52:44PM +0200, Geert Uytterhoeven wrote: > Hi Phillip, > > On Wed, Aug 1, 2012 at 6:25 AM, Phillip Lougher > wrote: > > Cyril Strejc wrote: > >> I have problem when mounting empty SquashFS. Mount syscall ends with EINVAL. > >> > >> Kernel vesions: mainline > >> SquashFS tools version: 4.2 > >> > >> Steps to reproduce: > >> 1. create empty directory (mkdir empty) > >> 2. create SquashFS image (my mksquashfs output below) > >> 3. mount image using block or loop device (strace output below) > >> > >> I've add some printk to > >> super.c: squashfs_fill_super() > >> > >> /* code starts here */ > >> ... > >> handle_fragments: > >> fragments = le32_to_cpu(sblk->fragments); > >> printk("fragments = %u\n", fragments); > >> ... > >> check_directory_table: > >> /* Sanity check directory_table */ > >> if (msblk->directory_table >= next_table) { > >> printk("directory_table = %llu, next_table = %llu\n", > >> msblk->directory_table, next_table); > >> err = -EINVAL; > >> printk("mount error: 16\n"); > >> goto failed_mount; > >> } > >> ... > >> > >> dmesg after mount: > >> fragments = 0 > >> directory_table = 125, next_table = 125 > >> mount error: 16 > >> > >> > >> I hardly understand these details. Please, do You have any idea? > >> > > > > Hi Cyril, > > > > This is a Squashfs kernel bug introduced by some extra superblock > > sanity checks added in kernel 3.0. These extra sanity checks were > > necessary to harden Squashfs against corrupted Squashfs filesystems > > generated by the latest version of fsfuzzer (a tool used to randomly > > corrupt filesystems with the aim of making the filesystem code > > behave badly). > > > > I discovered the sanity checks mistakenly flagged empty filesystems > > as invalid in January, and added a fix to the mainline kernel, FYI > > the commit is here: > > > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 > > > > This bug has been fixed in kernel versions 3.3 and newer, but, kernel > > versions 3.0, 3.1 and 3.2 unfortunately have this bug. > > > > There's really only three solutions to this problem: > > > > - upgrade to a later kernel, 3.3 or newer, > > - apply the above commit to your kernel, or > > - avoid generating empty filesystems and trying to mount them > > > > The one obvious question that arises here is why are you generating > > completely empty filesystems and then trying to mount them? An > > empty Squashfs filesystem doesn't seem to serve any useful purpose? > > I can easily imagine a system that has an optional filesystem mounted, > which may be empty. For such a system, it's a regression. > > So I think this warrants application to the stable 3.0, 3.1, and 3.2 branches. > Commit cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 ("Squashfs: fix > mount time sanity check for corrupted superblock") seems to cherry-pick just > fine on v3.0.42, v3.1.10, and v3.2.28. Queued up for 3.0.y, thanks. greg k-h