Red Hat Bugzilla – Bug 57714
Possible DoS attack with Reiserfs and large files.
Last modified: 2007-04-18 12:38:47 EDT
Description of Problem:
I've found an apparent local (or possibly remote) DoS that is
due to a bug somewhere in Reiserfs apparently. Kernel version is stock RedHat 2.4.13smp.
Root fs is EXT3. File system in question is a secondary storage fs that is software RAID0
over hardware RAID5 on 3ware cards. Reiserfs partition is created on
Attempting to create a file on the Reiser partition that is larger than 2GB
will cause the process that is accessing that file to continue to write, but the file size
as reported by df and ls maxes out at 2GB. Once the process starts attempting to write past
2GB, it cannot be killed. This means an unprivlidged user can create many processes that
cannot be killed by any means, except for a hardware reset of the system. Reboot is
impossible, as the processes will not die. Attempts to rm this file will cause rm to hang
with high cpu usage. The filesystem with the large file on it must be destroyed to get rid of
This could be a remote DoS in certain configurations. IPCHAINS rules that log
invalid packets, or similar logging with any remote application could be used to attempt
to create large log files that would hang system, force hard boot, and damage filesystem.
Workaround would be to ensure that all logs cannot exceed 2GB under any circumstances, if
they are written to Reiserfs.
Version-Release number of selected component (if
2.4.9-13smp #1 SMP Tue Oct 30 19:57:16 EST 2001 i686 unknown
Always, on system in question. Was not able to get access to other systems
with reiserfs to confirm. Confirmed that EXT3 has no problem with big files in default Red
Steps to Reproduce:
Create large reiserfs filesystem on 2.4.9-13smp
Wait until file hits 2GB
Attempt to kill dd process
or rm file.
Hung processes with high cpu use, that cannot be killed by
owner or root.
System must be hard booted, file system must be recreated.
A big file of NULLs
Contacted 3ware driver
maintainer, he said problem was not with driver, and likely not with software RAID0 code,
as those operate on the block level and are not aware of file sizes. He suggested the file
system as a likely culprit.
System is Red Hat 7.2 with all updates applied.
Confirmed bug on independant system. The problem seems to be with ReiserFS as it is included in
Red Hat's kernel 2.4.9-13, smp and up.
Should be fine in current 2.4.18 based kernels, please confirm.
No longer problem in 2.4.18-18-7.x, closing bug.