* Re: [Squashfs-devel] PROBLEM: mount empty SquashFS [not found] ` <5018AFA8.8070709@lougher.demon.co.uk> @ 2012-09-04 18:52 ` Geert Uytterhoeven 2012-09-09 18:17 ` Ben Hutchings 2012-09-27 21:03 ` Greg KH 0 siblings, 2 replies; 5+ messages in thread From: Geert Uytterhoeven @ 2012-09-04 18:52 UTC (permalink / raw) To: Phillip Lougher Cc: Cyril Strejc, phillip, squashfs-devel, linux-kernel, stable Hi Phillip, On Wed, Aug 1, 2012 at 6:25 AM, Phillip Lougher <phillip@lougher.demon.co.uk> wrote: > Cyril Strejc wrote: >> I have problem when mounting empty SquashFS. Mount syscall ends with EINVAL. >> >> Kernel vesions: mainline >> SquashFS tools version: 4.2 >> >> Steps to reproduce: >> 1. create empty directory (mkdir empty) >> 2. create SquashFS image (my mksquashfs output below) >> 3. mount image using block or loop device (strace output below) >> >> I've add some printk to >> super.c: squashfs_fill_super() >> >> /* code starts here */ >> ... >> handle_fragments: >> fragments = le32_to_cpu(sblk->fragments); >> printk("fragments = %u\n", fragments); >> ... >> check_directory_table: >> /* Sanity check directory_table */ >> if (msblk->directory_table >= next_table) { >> printk("directory_table = %llu, next_table = %llu\n", >> msblk->directory_table, next_table); >> err = -EINVAL; >> printk("mount error: 16\n"); >> goto failed_mount; >> } >> ... >> >> dmesg after mount: >> fragments = 0 >> directory_table = 125, next_table = 125 >> mount error: 16 >> >> >> I hardly understand these details. Please, do You have any idea? >> > > Hi Cyril, > > This is a Squashfs kernel bug introduced by some extra superblock > sanity checks added in kernel 3.0. These extra sanity checks were > necessary to harden Squashfs against corrupted Squashfs filesystems > generated by the latest version of fsfuzzer (a tool used to randomly > corrupt filesystems with the aim of making the filesystem code > behave badly). > > I discovered the sanity checks mistakenly flagged empty filesystems > as invalid in January, and added a fix to the mainline kernel, FYI > the commit is here: > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 > > This bug has been fixed in kernel versions 3.3 and newer, but, kernel > versions 3.0, 3.1 and 3.2 unfortunately have this bug. > > There's really only three solutions to this problem: > > - upgrade to a later kernel, 3.3 or newer, > - apply the above commit to your kernel, or > - avoid generating empty filesystems and trying to mount them > > The one obvious question that arises here is why are you generating > completely empty filesystems and then trying to mount them? An > empty Squashfs filesystem doesn't seem to serve any useful purpose? I can easily imagine a system that has an optional filesystem mounted, which may be empty. For such a system, it's a regression. So I think this warrants application to the stable 3.0, 3.1, and 3.2 branches. Commit cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 ("Squashfs: fix mount time sanity check for corrupted superblock") seems to cherry-pick just fine on v3.0.42, v3.1.10, and v3.2.28. >> mksquashfs command output: >> -------------------------- >> localhost:~ # mksquashfs emptydir test.bin >> Parallel mksquashfs: Using 1 processor >> Creating 4.0 filesystem on test.bin, block size 131072. >> >> Exportable Squashfs 4.0 filesystem, gzip compressed, data block size 131072 >> compressed data, compressed metadata, compressed fragments, no >> xattrs >> duplicates are removed >> Filesystem size 0.15 Kbytes (0.00 Mbytes) >> 99.37% of uncompressed filesystem size (0.15 Kbytes) >> Inode table size 29 bytes (0.03 Kbytes) >> 85.29% of uncompressed inode table size (34 bytes) >> Directory table size 0 bytes (0.00 Kbytes) >> nan% of uncompressed directory table size (0 bytes) >> Number of duplicate files found 0 >> Number of inodes 1 >> Number of files 0 >> Number of fragments 0 >> Number of symbolic links 0 >> Number of device nodes 0 >> Number of fifo nodes 0 >> Number of socket nodes 0 >> Number of directories 1 >> Number of ids (unique uids + gids) 1 >> Number of uids 1 >> root (0) >> Number of gids 1 >> root (0) >> -------------------------------------------------------------------- >> >> mount command output (strace): >> ----------------------------- >> mount("/dev/loop0", "/mnt", "squashfs", MS_MGC_VAL, NULL) = -1 EINVAL >> (Invalid argument) >> >> anouther mount version (empty image on MTD device): >> --------------------------------------------------- >> mount("/dev/mtdblock4", "/mnt", "squashfs", MS_RDONLY|MS_SILENT, NULL) = >> -1 EINVAL (Invalid argument) Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Squashfs-devel] PROBLEM: mount empty SquashFS 2012-09-04 18:52 ` [Squashfs-devel] PROBLEM: mount empty SquashFS Geert Uytterhoeven @ 2012-09-09 18:17 ` Ben Hutchings 2012-09-09 19:30 ` Phillip Lougher 2012-09-27 21:03 ` Greg KH 1 sibling, 1 reply; 5+ messages in thread From: Ben Hutchings @ 2012-09-09 18:17 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Phillip Lougher, Cyril Strejc, phillip, squashfs-devel, linux-kernel, stable [-- Attachment #1: Type: text/plain, Size: 1047 bytes --] On Tue, 2012-09-04 at 20:52 +0200, Geert Uytterhoeven wrote: > Hi Phillip, > > On Wed, Aug 1, 2012 at 6:25 AM, Phillip Lougher > <phillip@lougher.demon.co.uk> wrote: [...] > > I discovered the sanity checks mistakenly flagged empty filesystems > > as invalid in January, and added a fix to the mainline kernel, FYI > > the commit is here: > > > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 [...] > I can easily imagine a system that has an optional filesystem mounted, > which may be empty. For such a system, it's a regression. > > So I think this warrants application to the stable 3.0, 3.1, and 3.2 branches. > Commit cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 ("Squashfs: fix > mount time sanity check for corrupted superblock") seems to cherry-pick just > fine on v3.0.42, v3.1.10, and v3.2.28. [...] I've queued this up for 3.2, thanks. Ben. -- Ben Hutchings Time is nature's way of making sure that everything doesn't happen at once. [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 828 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Squashfs-devel] PROBLEM: mount empty SquashFS 2012-09-09 18:17 ` Ben Hutchings @ 2012-09-09 19:30 ` Phillip Lougher 0 siblings, 0 replies; 5+ messages in thread From: Phillip Lougher @ 2012-09-09 19:30 UTC (permalink / raw) To: Ben Hutchings Cc: Geert Uytterhoeven, Phillip Lougher, Cyril Strejc, phillip, squashfs-devel, linux-kernel, stable On Sun, Sep 9, 2012 at 7:17 PM, Ben Hutchings <ben@decadent.org.uk> wrote: > > I've queued this up for 3.2, thanks. Thanks Ben Phillip . ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Squashfs-devel] PROBLEM: mount empty SquashFS 2012-09-04 18:52 ` [Squashfs-devel] PROBLEM: mount empty SquashFS Geert Uytterhoeven 2012-09-09 18:17 ` Ben Hutchings @ 2012-09-27 21:03 ` Greg KH 2012-09-27 22:01 ` Phillip Lougher 1 sibling, 1 reply; 5+ messages in thread From: Greg KH @ 2012-09-27 21:03 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Phillip Lougher, Cyril Strejc, phillip, squashfs-devel, linux-kernel, stable On Tue, Sep 04, 2012 at 08:52:44PM +0200, Geert Uytterhoeven wrote: > Hi Phillip, > > On Wed, Aug 1, 2012 at 6:25 AM, Phillip Lougher > <phillip@lougher.demon.co.uk> wrote: > > Cyril Strejc wrote: > >> I have problem when mounting empty SquashFS. Mount syscall ends with EINVAL. > >> > >> Kernel vesions: mainline > >> SquashFS tools version: 4.2 > >> > >> Steps to reproduce: > >> 1. create empty directory (mkdir empty) > >> 2. create SquashFS image (my mksquashfs output below) > >> 3. mount image using block or loop device (strace output below) > >> > >> I've add some printk to > >> super.c: squashfs_fill_super() > >> > >> /* code starts here */ > >> ... > >> handle_fragments: > >> fragments = le32_to_cpu(sblk->fragments); > >> printk("fragments = %u\n", fragments); > >> ... > >> check_directory_table: > >> /* Sanity check directory_table */ > >> if (msblk->directory_table >= next_table) { > >> printk("directory_table = %llu, next_table = %llu\n", > >> msblk->directory_table, next_table); > >> err = -EINVAL; > >> printk("mount error: 16\n"); > >> goto failed_mount; > >> } > >> ... > >> > >> dmesg after mount: > >> fragments = 0 > >> directory_table = 125, next_table = 125 > >> mount error: 16 > >> > >> > >> I hardly understand these details. Please, do You have any idea? > >> > > > > Hi Cyril, > > > > This is a Squashfs kernel bug introduced by some extra superblock > > sanity checks added in kernel 3.0. These extra sanity checks were > > necessary to harden Squashfs against corrupted Squashfs filesystems > > generated by the latest version of fsfuzzer (a tool used to randomly > > corrupt filesystems with the aim of making the filesystem code > > behave badly). > > > > I discovered the sanity checks mistakenly flagged empty filesystems > > as invalid in January, and added a fix to the mainline kernel, FYI > > the commit is here: > > > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 > > > > This bug has been fixed in kernel versions 3.3 and newer, but, kernel > > versions 3.0, 3.1 and 3.2 unfortunately have this bug. > > > > There's really only three solutions to this problem: > > > > - upgrade to a later kernel, 3.3 or newer, > > - apply the above commit to your kernel, or > > - avoid generating empty filesystems and trying to mount them > > > > The one obvious question that arises here is why are you generating > > completely empty filesystems and then trying to mount them? An > > empty Squashfs filesystem doesn't seem to serve any useful purpose? > > I can easily imagine a system that has an optional filesystem mounted, > which may be empty. For such a system, it's a regression. > > So I think this warrants application to the stable 3.0, 3.1, and 3.2 branches. > Commit cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 ("Squashfs: fix > mount time sanity check for corrupted superblock") seems to cherry-pick just > fine on v3.0.42, v3.1.10, and v3.2.28. Queued up for 3.0.y, thanks. greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Squashfs-devel] PROBLEM: mount empty SquashFS 2012-09-27 21:03 ` Greg KH @ 2012-09-27 22:01 ` Phillip Lougher 0 siblings, 0 replies; 5+ messages in thread From: Phillip Lougher @ 2012-09-27 22:01 UTC (permalink / raw) To: Greg KH Cc: Geert Uytterhoeven, Phillip Lougher, Cyril Strejc, phillip, squashfs-devel, linux-kernel, stable On Thu, Sep 27, 2012 at 10:03 PM, Greg KH <greg@kroah.com> wrote: > On Tue, Sep 04, 2012 at 08:52:44PM +0200, Geert Uytterhoeven wrote: >> >> So I think this warrants application to the stable 3.0, 3.1, and 3.2 branches. >> Commit cc37f75a9ffbbfcb1c3297534f293c8284e3c5a6 ("Squashfs: fix >> mount time sanity check for corrupted superblock") seems to cherry-pick just >> fine on v3.0.42, v3.1.10, and v3.2.28. > > Queued up for 3.0.y, thanks. > Thanks Greg Phillip ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-09-27 22:01 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <5017A064.1030605@unicontrols.cz> [not found] ` <5018AFA8.8070709@lougher.demon.co.uk> 2012-09-04 18:52 ` [Squashfs-devel] PROBLEM: mount empty SquashFS Geert Uytterhoeven 2012-09-09 18:17 ` Ben Hutchings 2012-09-09 19:30 ` Phillip Lougher 2012-09-27 21:03 ` Greg KH 2012-09-27 22:01 ` Phillip Lougher
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).