Launchpad has imported 1 comments from the remote bug at https://bugzilla.kernel.org/show_bug.cgi?id=216626.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2022-10-25T16:46:18+00:00 colin.i.king wrote: Created attachment 303085 C source to reproduce the fallocate/SIGXFSZ issue This is a corner case on 32 bit systems when using large file offsets, fallocate and setrlimit. Issue found on ext4, probably also on other file systems(?). Setting the RLIMIT_FSIZE with setrlimit to 0xffffffff and then fallocating 1 or more bytes at the offset of 0xffffffff should make the fallocate fail with EFBIG and generate a SIGXFSZ signal. On 64 bit platforms this works, on 32 bit platforms such as i386 4.15 kernels through to linux 6.0 it fails to generate EFBIG errors and SIGXFSZ. Attached is a test program to illustrate the problem. It sets the file size limit and allocates 1024 bytes at the boundary file size limit for 3 offsets: On 64 bit systems we get the expected results: got signal SIGXFSZ offset: 65536 (0x10000), fallocate returned: -1 got signal SIGXFSZ offset: 4294966271 (0xfffffbff), fallocate returned: -1 got signal SIGXFSZ offset: 4294967295 (0xffffffff), fallocate returned: -1 On 32 bit systems the code fails on the 0xffffffff offset: got signal SIGXFSZ offset: 65536 (0x10000), fallocate returned: -1 got signal SIGXFSZ offset: 4294966271 (0xfffffbff), fallocate returned: -1 offset: 4294967295 (0xffffffff), fallocate returned: 0 Attached is the reproducer. I found this while developing a file limit boundary test case in stress- ng and discovered it breaks on all 32 bit kernels (armhf, i386, etc), even with recent 5.15 and 6.0 kernels. attached is a simple reproducer Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1994079/comments/4 ** Changed in: linux Status: Unknown => Confirmed ** Changed in: linux Importance: Unknown => Medium -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1994079 Title: fallocate on 32 bit boundary on 32 bit systems with setrlimit fails to generate SIGXFSZ signal Status in Linux: Confirmed Status in linux package in Ubuntu: New Bug description: This is a corner case on 32 bit systems when using large file offsets, fallocate and setrlimit. Setting the RLIMIT_FSIZE with setrlimit to 0xffffffff and then fallocating 1 or more bytes at the offset of 0xffffffff should make the fallocate fail with EFBIG and generate a SIGXFSZ signal. On 64 bit platforms this works, on 32 bit platforms such as i386 Ubuntu bionic with 4.15 kernels it fails to generate EFBIG errors and SIGXFSZ. Attached is a test program to illustrate the problem. It sets the file size limit and allocates 1024 bytes at the boundary file size limit for 3 offsets: On 64 bit systems we get the expected results: got signal SIGXFSZ offset: 65536 (0x10000), fallocate returned: -1 got signal SIGXFSZ offset: 4294966271 (0xfffffbff), fallocate returned: -1 got signal SIGXFSZ offset: 4294967295 (0xffffffff), fallocate returned: -1 On 32 bit systems the code fails on the 0xffffffff offset: got signal SIGXFSZ offset: 65536 (0x10000), fallocate returned: -1 got signal SIGXFSZ offset: 4294966271 (0xfffffbff), fallocate returned: -1 offset: 4294967295 (0xffffffff), fallocate returned: 0 Attached is the reproducer. I found this while developing a file limit boundary test case in stress-ng and discovered it breaks on all 32 bit kernels (armhf, i386, etc), even with recent 5.15 kernels. This could be seen as a security issue; the sysadmin can set the file size limit and yet a 32 bit system can use a corner case like this to fallocate a much larger file by using the 0xffffffff offset and a huge fallocate size. To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/1994079/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
