Bug 57714 - Possible DoS attack with Reiserfs and large files.
Possible DoS attack with Reiserfs and large files.
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Stephen Tweedie
Brian Brock
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-12-19 18:57 EST by Gigs
Modified: 2007-04-18 12:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-12-18 14:37:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Gigs 2001-12-19 18:57:23 EST
Description of Problem:
I've found an apparent local (or possibly remote) DoS that is 
due to a bug somewhere in Reiserfs apparently.  Kernel version is stock RedHat 2.4.13smp.  
Root fs is EXT3.  File system in question is a secondary storage fs that is software RAID0 
over hardware RAID5 on 3ware cards.  Reiserfs partition is created on 

Attempting to create a file on the Reiser partition that is larger than 2GB 
will cause the process that is accessing that file to continue to write, but the file size 
as reported by df and ls maxes out at 2GB.  Once the process starts attempting to write past 
2GB, it cannot be killed.  This means an unprivlidged user can create many processes that 
cannot be killed by any means, except for a hardware reset of the system.  Reboot is 
impossible, as the processes will not die.  Attempts to rm this file will cause rm to hang 
with high cpu usage.  The filesystem with the large file on it must be destroyed to get rid of 
the file.

This could be a remote DoS in certain configurations.  IPCHAINS rules that log 
invalid packets, or similar logging with any remote application could be used to attempt 
to create large log files that would hang system, force hard boot, and damage filesystem.  
Workaround would be to ensure that all logs cannot exceed 2GB under any circumstances, if 
they are written to Reiserfs.

Version-Release number of selected component (if 
2.4.9-13smp #1 SMP Tue Oct 30 19:57:16 EST 2001 i686 unknown

Always, on system in question.  Was not able to get access to other systems 
with reiserfs to confirm.  Confirmed that EXT3 has no problem with big files in default Red 
Hat config.

Steps to Reproduce:
Create large reiserfs filesystem on 2.4.9-13smp
if=/dev/zero of=/storage/bigfile
Wait until file hits 2GB
Attempt to kill dd process 
or rm file.

Actual Results:
Hung processes with high cpu use, that cannot be killed by 
owner or root.
System must be hard booted, file system must be recreated.

A big file of NULLs

Additional Information:
Contacted 3ware driver 
maintainer, he said problem was not with driver, and likely not with software RAID0 code, 
as those operate on the block level and are not aware of file sizes.  He suggested the file 
system as a likely culprit.

System is Red Hat 7.2 with all updates applied.
Comment 1 Gigs 2002-01-03 15:37:20 EST
Confirmed bug on independant system.  The problem seems to be with ReiserFS as it is included in 
Red Hat's kernel 2.4.9-13, smp and up.
Comment 2 Alan Cox 2002-12-18 11:19:38 EST
Should be fine in current 2.4.18 based kernels, please confirm.
Comment 3 Gigs 2002-12-18 14:37:02 EST
No longer problem in 2.4.18-18-7.x, closing bug.

Note You need to log in before you can comment on or make changes to this bug.