Date:	Thu, 2 Jun 2011 10:24:11 +0300
From:	Mika Bostrom <bostik+lkml@...tik.iki.fi>
To:	linux-kernel@...r.kernel.org, jack@...e.cz
Cc:	Mika Bostrom <bostik@...tik.iki.fi>
Subject: Reproducible OOPS with UDF on flash

  Hello hackers. I found a reliable way to oops the kernel - both
2.6.38.6 and 2.6.39 are affected.

  The setup is this:
- debian unstable
- configured udisks + usbmount to automount thumb drives
- attached a thumbdrive with UDF filesystem on it
- checked that drive was mounted
- removed drive
==> OOPS

  The oops only happens with UDF. A vfat filesystem doesn't cause any
problems.

  Okay, I know that UDF on flash is somewhat of a rare thing but I
happen to like it. The system is a rather old core2duo running a 32-bit system:
% cat /proc/version 
Linux version 2.6.38.6 (bostik@...n) (gcc version 4.6.1 20110507
(prerelease) (Debian 4.6.0-7) ) #2 SMP PREEMPT Sun May 15 08:07:07 EEST
2011

  Dmesg attached.


  This is what my .config says about USB:
% zgrep USB /proc/config.gz | grep -v ^#
CONFIG_BT_HCIBTUSB=m
CONFIG_BT_HCIBFUSB=m
CONFIG_USB_USBNET=m
CONFIG_USB_NET_AX8817X=m
CONFIG_USB_NET_CDCETHER=m
CONFIG_USB_NET_CDC_NCM=m
CONFIG_USB_NET_NET1080=m
CONFIG_USB_NET_ZAURUS=m
CONFIG_SND_USB=y
CONFIG_USB_HID=m
CONFIG_USB_HIDDEV=y
CONFIG_USB_SUPPORT=y
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB_ARCH_HAS_OHCI=y
CONFIG_USB_ARCH_HAS_EHCI=y
CONFIG_USB=m
CONFIG_USB_DEVICEFS=y
CONFIG_USB_DEVICE_CLASS=y
CONFIG_USB_MON=m
CONFIG_USB_EHCI_HCD=m
CONFIG_USB_EHCI_ROOT_HUB_TT=y
CONFIG_USB_UHCI_HCD=m
CONFIG_USB_ACM=m
CONFIG_USB_STORAGE=m

  And this is what it says about UDF:
% zgrep UDF /proc/config.gz             
CONFIG_UDF_FS=m
CONFIG_UDF_NLS=y

  When mounted, the UDF filesystem produces this:
/dev/sdf1 on /media/usb0 type udf (rw,noexec,nodev,noatime,nodiratime)

  And when it is removed, I get a series of four consecutive oops
messages. The oopses are attached.
- oops.txt is the original one
- oops2.txt is the first reproduction on 2.6.38.6
- oops3.txt is the reproduction on 2.6.39

  I have included the immediately preceding log lines from usbmount for
context. Is there any other information I could provide?

  Output of lspci -vvv, filtered to USB controllers only:

00:1a.0 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #4 (rev 02) (prog-if 00 [UHCI])
  Subsystem: Intel Corporation Device 514d
  Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
  Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
  Latency: 0
  Interrupt: pin A routed to IRQ 16
  Region 4: I/O ports at 20c0 [size=32]
  Kernel driver in use: uhci_hcd

00:1a.1 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #5 (rev 02) (prog-if 00 [UHCI])
  Subsystem: Intel Corporation Device 514d
  Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
  Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
  Latency: 0
  Interrupt: pin B routed to IRQ 21
  Region 4: I/O ports at 20a0 [size=32]
  Kernel driver in use: uhci_hcd

00:1a.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #2 (rev 02) (prog-if 20 [EHCI])
  Subsystem: Intel Corporation Device 514d
  Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
  Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
  Latency: 0
  Interrupt: pin C routed to IRQ 18
  Region 0: Memory at e0325c00 (32-bit, non-prefetchable) [size=1K]
  Capabilities: [50] Power Management version 2
    Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
    Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
  Capabilities: [58] Debug port: BAR=1 offset=00a0
  Kernel driver in use: ehci_hcd

00:1d.0 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #1 (rev 02) (prog-if 00 [UHCI])
  Subsystem: Intel Corporation Device 514d
  Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
  Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
  Latency: 0
  Interrupt: pin A routed to IRQ 23
  Region 4: I/O ports at 2080 [size=32]
  Kernel driver in use: uhci_hcd

00:1d.1 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #2 (rev 02) (prog-if 00 [UHCI])
  Subsystem: Intel Corporation Device 514d
  Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
  Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
  Latency: 0
  Interrupt: pin B routed to IRQ 19
  Region 4: I/O ports at 2060 [size=32]
  Kernel driver in use: uhci_hcd

00:1d.2 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #3 (rev 02) (prog-if 00 [UHCI])
  Subsystem: Intel Corporation Device 514d
  Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
  Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
  Latency: 0
  Interrupt: pin C routed to IRQ 18
  Region 4: I/O ports at 2040 [size=32]
  Kernel driver in use: uhci_hcd

00:1d.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #1 (rev 02) (prog-if 20 [EHCI])
  Subsystem: Intel Corporation Device 514d
  Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
  Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
  Latency: 0
  Interrupt: pin A routed to IRQ 23
  Region 0: Memory at e0325800 (32-bit, non-prefetchable) [size=1K]
  Capabilities: [50] Power Management version 2
    Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
    Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
  Capabilities: [58] Debug port: BAR=1 offset=00a0
  Kernel driver in use: ehci_hcd



-- 
 Mika Boström                       Individualist, existentialist,
 www.iki.fi/bostik                  rationalist and jerk
 GPG: 0x2AED22CC; 6FC9 8375 31B7 3BA2 B5DC  484E F19F 8AD6 2AED 22CC

View attachment "oops.txt" of type "text/plain" (16406 bytes)

View attachment "oops2.txt" of type "text/plain" (16260 bytes)

View attachment "oops3.txt" of type "text/plain" (15163 bytes)

View attachment "dmesg.txt" of type "text/plain" (30903 bytes)
