Reproducible example of overlay and overlay mac driver bug

problem

Under certain circumstances, the overlay and overlay2 storage drivers in Docker for macOS cause the copy_file_range syscall to return zero bytes written inside Alpine Linux images.

When this happens, it does not appear to be user error, or at least it is unclear where that user error could be: the parameters passed to copy_file_range are valid (good file descriptors, good offsets, etc.).

This has already propagated into at least one known bug outside of Docker land: see the nodejs copy_file* infinite loops.

Environment:

  1. Alpine Linux base image
  2. Docker Engine on macOS
  3. overlay or overlay2 storage driver

Note that this does not appear to affect Docker on Linux, or Docker on macOS using other storage drivers (such as vfs).

deets

Initially, this error surfaced after a cp command was run on a regular file, after which a nodejs process was seen hanging with high CPU usage while copying it.

This can be reproduced with the following docker image:

docker run dchampz/copy_file_range-test:alpine-312

More fundamentally, the do-test shell script demonstrates the high-level problem: a file produced by cp cannot be copied via copy_file_range.

However, this can be refined even further (see sendfile-repro.c):

It appears that once the sendfile syscall has been used to write a file, copy_file_range returns zero when copying from that file to another file.

Potentially interesting find

While the cp repro in the do-test shell script does not trigger the bug on a Debian Linux image, the more targeted sendfile example shows the same zero-byte behavior there:

docker run dchampz/copy_file_range-test:debian-11-sendFile

    sendfile bytes written: 16
    sendfile -> copy_file_range bytes written: 0
    copy_file_range bytes written: 16
    cfr->cfr bytes written: 16
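The following C program is an added example, not the sendfile-repro.c or do-test script from this repository. It reproduces the sequence behind the "sendfile -> copy_file_range" line above (sendfile into a file, then copy_file_range out of it) and, separately, shows the guard a copying loop needs so that a zero return from copy_file_range before the requested length becomes a fallback to read/write instead of the endless retry behind the nodejs infinite loops mentioned earlier. The 16-byte payload, the temp-file paths and the function names are constructed for the example; the list of errno values treated as "this copy path is unavailable" is an assumption, not something the report states.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/sendfile.h>
#include <sys/syscall.h>
#include <sys/types.h>

/* Constructed sample payload: 16 bytes, to match the "bytes written: 16" lines in the report. */
static const char PAYLOAD[] = "0123456789abcdef";
#define PAYLOAD_LEN 16

/* Raw syscall wrapper so the example does not depend on a glibc that exports copy_file_range(). */
static ssize_t cfr(int in_fd, loff_t *off_in, int out_fd, loff_t *off_out, size_t len) {
    return syscall(SYS_copy_file_range, in_fd, off_in, out_fd, off_out, len, 0u);
}

/* Create an unlinked temp file; if content is non-NULL, fill it and rewind to offset 0. */
static int make_tmp(const char *content, size_t len) {
    char path[] = "/tmp/cfr-example-XXXXXX";   /* constructed path template */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (content && write(fd, content, len) != (ssize_t)len) { close(fd); return -1; }
    if (lseek(fd, 0, SEEK_SET) < 0) { close(fd); return -1; }
    return fd;
}

/* Reproduction probe: sendfile() src -> mid, then copy_file_range() mid -> dst.
 * Returns what copy_file_range reported: 16 where the copy works, 0 on the affected
 * macOS overlay/overlay2 setups described in the report, -1 if the probe itself failed. */
long probe_after_sendfile(void) {
    int src = make_tmp(PAYLOAD, PAYLOAD_LEN), mid = make_tmp(NULL, 0), dst = make_tmp(NULL, 0);
    off_t sf_off = 0;
    loff_t in = 0, out = 0;
    long result = -1;
    if (src < 0 || mid < 0 || dst < 0) goto out;
    if (sendfile(mid, src, &sf_off, PAYLOAD_LEN) != PAYLOAD_LEN) goto out;
    result = (long)cfr(mid, &in, dst, &out, PAYLOAD_LEN);
out:
    if (src >= 0) close(src);
    if (mid >= 0) close(mid);
    if (dst >= 0) close(dst);
    return result;
}

/* Defensive copy loop: use copy_file_range while it makes progress, but treat a zero
 * return before `len` bytes are done as "no progress possible", never as something to
 * retry, and finish with pread()/pwrite(). Returns bytes copied, or -1 on a hard error. */
ssize_t copy_fd_safe(int in_fd, int out_fd, size_t len) {
    loff_t in = 0, out = 0;
    size_t done = 0;
    char buf[4096];
    while (done < len) {
        ssize_t n = cfr(in_fd, &in, out_fd, &out, len - done);
        if (n > 0) { done += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        /* n == 0 is the reported bug. The errno list is an assumption: errors that mean the
         * fast path is unavailable (EPERM covers seccomp policies that deny the syscall). */
        if (n == 0 || errno == ENOSYS || errno == EXDEV || errno == EINVAL ||
            errno == EOPNOTSUPP || errno == EPERM)
            break;
        return -1;
    }
    while (done < len) {
        size_t want = len - done < sizeof buf ? len - done : sizeof buf;
        ssize_t r = pread(in_fd, buf, want, (off_t)done);
        if (r <= 0) return -1;
        if (pwrite(out_fd, buf, (size_t)r, (off_t)done) != r) return -1;
        done += (size_t)r;
    }
    return (ssize_t)done;
}

/* End-to-end check: sendfile into mid, safe-copy mid -> dst, verify dst holds the payload.
 * Returns the number of bytes copied (16 on success), -1 otherwise. */
long check_roundtrip(void) {
    int src = make_tmp(PAYLOAD, PAYLOAD_LEN), mid = make_tmp(NULL, 0), dst = make_tmp(NULL, 0);
    off_t sf_off = 0;
    char buf[PAYLOAD_LEN];
    ssize_t n;
    long result = -1;
    if (src < 0 || mid < 0 || dst < 0) goto out;
    if (sendfile(mid, src, &sf_off, PAYLOAD_LEN) != PAYLOAD_LEN) goto out;
    n = copy_fd_safe(mid, dst, PAYLOAD_LEN);
    if (n != PAYLOAD_LEN) goto out;
    if (pread(dst, buf, PAYLOAD_LEN, 0) != PAYLOAD_LEN) goto out;
    if (memcmp(buf, PAYLOAD, PAYLOAD_LEN) == 0) result = n;
out:
    if (src >= 0) close(src);
    if (mid >= 0) close(mid);
    if (dst >= 0) close(dst);
    return result;
}

int main(void) {
    printf("sendfile -> copy_file_range bytes written: %ld\n", probe_after_sendfile());
    printf("safe copy verified bytes: %ld\n", check_roundtrip());
    return 0;
}
```

On an affected macOS overlay/overlay2 setup the first line should read 0, as in the report, while the second still reads 16 because the loop hands the zero-return case to the read/write path; on Linux both lines read 16.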

The following docker images can be used to demonstrate this reproduction:

Note: I could not reproduce this outside of macOS.

For the high-level cp example:

  • docker run dchampz/copy_file_range-test:alpine-312

For the more targeted repro:

  • docker run dchampz/copy_file_range-test:alpine-312-sendfileRepro
  • docker run dchampz/copy_file_range-test:debian-11-sendFile

For examples outside of Alpine that do not exhibit the same behaviour:

  • docker run dchampz/copy_file_range-test:debian-11