[Bug 1230065] fsconfig(FSCONFIG_SET_STRING) accepts invalid key string on bcachefs
https://bugzilla.suse.com/show_bug.cgi?id=1230065
https://bugzilla.suse.com/show_bug.cgi?id=1230065#c1

David Disseldorp <ddiss@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CONFIRMED
           Assignee|kernel-fs@suse.de           |ddiss@suse.com
                 CC|                            |ddiss@suse.com

--- Comment #1 from David Disseldorp <ddiss@suse.com> ---
Thanks for the report...

(In reply to Martin Doucha from comment #0)
> LTP test fsconfig03 (CVE 2022-0185) fails on Tumbleweed KOTD. The test tries
> to overflow the filesystem parameter buffer by repeatedly setting empty key to
> non-empty value using fsconfig(FSCONFIG_SET_STRING). These fsconfig() calls
> are supposed to fail. However, bcachefs accepts them anyway at least since
> Tumbleweed KOTD build 6.11.0-rc3-2.g00af0c0-default.
>
> https://openqa.opensuse.org/tests/4402207#step/cve-2022-0185/8
>
> Latest failure:
> https://openqa.opensuse.org/tests/4447854#step/cve-2022-0185/8
> dmesg log:
> https://openqa.opensuse.org/tests/4447854/logfile?filename=serial0.txt
>
> Last good: 6.10.1-1.g4c78d6f-default
>
> KOTD builds between 6.10.1-1.g4c78d6f-default and
> 6.11.0-rc3-2.g00af0c0-default were not tested due to mkfs issue.

This was introduced via 929d954330142 ("bcachefs: use new mount API") where
bcachefs provides its own fs_context_operations.parse_param hook. The hook
intentionally ignores unknown options:

    int bch2_parse_one_mount_opt(struct bch_fs *c, struct bch_opts *opts,
                                 struct printbuf *parse_later,
                                 const char *name, const char *val)
    ...
            /* Unknown options are ignored: */
            if (id < 0)
                    return 0;

This seems quite broken in that users won't be able to discover whether a
parameter was correctly handled or (e.g. on an older kernel) unhandled.
Changing it to return -ENOPARAM here instead might be an option (it fixes the
test), but could also break existing programs feeding in unknown/rubbish
parameters. I'll raise this upstream.
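
Added example, not part of the bug comment or the kernel source: a userspace model of the return-code contract discussed above, showing why a parse_param hook that returns 0 for unknown keys lets the empty-key call succeed while one that returns -ENOPARAM does not. The option names, the two hook functions and model_set_string() are hypothetical, and the generic caller is reduced to one step: it maps -ENOPARAM to -EINVAL, as the VFS does for a key that no handler claims.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define ENOPARAM 519 /* kernel-internal errno, absent from userspace errno.h */
typedef int (*parse_hook)(const char *name);
static const char *const known_opts[] = { "opt_a", "opt_b" }; /* constructed names */

static int lookup_opt(const char *name)
{
    for (size_t i = 0; i < sizeof(known_opts) / sizeof(known_opts[0]); i++)
        if (strcmp(name, known_opts[i]) == 0)
            return (int)i;
    return -1;
}

/* Behaviour quoted in the comment above: unknown options are ignored. */
static int hook_ignore_unknown(const char *name)
{
    (void)lookup_opt(name); /* a failed lookup is not reported to the caller */
    return 0;
}

/* Alternative floated in the comment: report unknown options. */
static int hook_enoparam(const char *name)
{
    return lookup_opt(name) < 0 ? -ENOPARAM : 0;
}

/* Model of the generic caller: -ENOPARAM from the hook becomes -EINVAL. */
static int model_set_string(parse_hook hook, const char *key)
{
    int ret = hook(key);
    return ret == -ENOPARAM ? -EINVAL : ret;
}

/* Repeat the empty-key call as the test does; count the accepted calls. */
static int count_accepted(parse_hook hook, int rounds)
{
    int ok = 0;
    for (int i = 0; i < rounds; i++)
        ok += model_set_string(hook, "") == 0;
    return ok;
}

int main(void)
{
    printf("accepted: ignore=%d enoparam=%d\n", count_accepted(hook_ignore_unknown, 100), count_accepted(hook_enoparam, 100));
    return 0;
}
```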