Public bug reported:
This is a corner case on 32 bit systems when using large file offsets,
fallocate and setrlimit.
Setting the RLIMIT_FSIZE with setrlimit to 0xffffffff and then
fallocating 1 or more bytes at the offset of 0xffffffff should make the
fallocate fail with EFBIG and generate a SIGXFSZ signal. On 64 bit
platforms this works, on 32 bit platforms such as i386 Ubuntu bionic
with 4.15 kernels it fails to generate EFBIG errors and SIGXFSZ.
Attached is a test program to illustrate the problem. It sets the file
size limit and allocates 1024 bytes at the boundary file size limit for
3 offsets:
On 64 bit systems we get the expected results:
got signal SIGXFSZ
offset: 65536 (0x10000), fallocate returned: -1
got signal SIGXFSZ
offset: 4294966271 (0xfffffbff), fallocate returned: -1
got signal SIGXFSZ
offset: 4294967295 (0xffffffff), fallocate returned: -1
On 32 bit systems the code fails on the 0xffffffff offset:
got signal SIGXFSZ
offset: 65536 (0x10000), fallocate returned: -1
got signal SIGXFSZ
offset: 4294966271 (0xfffffbff), fallocate returned: -1
offset: 4294967295 (0xffffffff), fallocate returned: 0
Attached is the reproducer.
I found this while developing a file limit boundary test case in stress-
ng and discovered it breaks on all 32 bit kernels (armhf, i386, etc),
even with recent 5.15 kernels.
This could be seen as a security issue; the sysadmin can set the file
size limit and yet a 32 bit system can use a corner case like this to
fallocate a much larger file by using the 0xffffffff offset and a huge
fallocate size.
** Affects: linux (Ubuntu)
Importance: High
Status: New
** Attachment added: "fallocate/file size limit reproducer C source"
https://bugs.launchpad.net/bugs/1994079/+attachment/5626526/+files/fallocate.c
** Changed in: linux (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1994079
Title:
fallocate on 32 bit boundary on 32 bit systems with setrlimit fails to
generate SIGXFSZ signal
Status in linux package in Ubuntu:
New
Bug description:
This is a corner case on 32 bit systems when using large file offsets,
fallocate and setrlimit.
Setting the RLIMIT_FSIZE with setrlimit to 0xffffffff and then
fallocating 1 or more bytes at the offset of 0xffffffff should make
the fallocate fail with EFBIG and generate a SIGXFSZ signal. On 64 bit
platforms this works, on 32 bit platforms such as i386 Ubuntu bionic
with 4.15 kernels it fails to generate EFBIG errors and SIGXFSZ.
Attached is a test program to illustrate the problem. It sets the file
size limit and allocates 1024 bytes at the boundary file size limit
for 3 offsets:
On 64 bit systems we get the expected results:
got signal SIGXFSZ
offset: 65536 (0x10000), fallocate returned: -1
got signal SIGXFSZ
offset: 4294966271 (0xfffffbff), fallocate returned: -1
got signal SIGXFSZ
offset: 4294967295 (0xffffffff), fallocate returned: -1
On 32 bit systems the code fails on the 0xffffffff offset:
got signal SIGXFSZ
offset: 65536 (0x10000), fallocate returned: -1
got signal SIGXFSZ
offset: 4294966271 (0xfffffbff), fallocate returned: -1
offset: 4294967295 (0xffffffff), fallocate returned: 0
Attached is the reproducer.
I found this while developing a file limit boundary test case in
stress-ng and discovered it breaks on all 32 bit kernels (armhf, i386,
etc), even with recent 5.15 kernels.
This could be seen as a security issue; the sysadmin can set the file
size limit and yet a 32 bit system can use a corner case like this to
fallocate a much larger file by using the 0xffffffff offset and a huge
fallocate size.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1994079/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
