lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 03 Jun 2011 11:01:37 +0400
From:	Michael Tokarev <mjt@....msk.ru>
To:	Atsushi Nemoto <anemo@....ocn.ne.jp>
CC:	James.Bottomley@...senPartnership.com,
	Jens Axboe <axboe@...nel.dk>, greg@...ah.com, jslaby@...e.cz,
	stable@...nel.org, jejb@...isc-linux.org,
	linux-kernel@...r.kernel.org
Subject: Re: [stable] apparent regression (crash) - 2.6.38.6

01.06.2011 16:34, Atsushi Nemoto wrote:
> On Thu, 19 May 2011 07:39:27 +0400, James Bottomley <James.Bottomley@...senPartnership.com> wrote:
>>>>>>> [  106.994628] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
>>>>>>> [  106.994755] IP: [<ffffffff811bec1b>] elv_queue_empty+0x1b/0x30
>>>>>
>>>>> Hmm, it's another missing elevator guard, like this patch:
>>>>>
>>>>> http://marc.info/?l=linux-scsi&m=130348673628282
>>>>>
>>>>> I think the bug here is that q->elevator is null, so dereferencing
>>>>> elevator->ops gives the bug.
>>>>
>>>> Is this patch going to Linus anytime soon?
>>>
>>> Ping?
>>
>> I pinged Jens about it yesterday; he said it should be on its way to
>> Linus.
> 
> The patch in above URL ("block: add proper state guards to
> __elv_next_request") is in mainline and stable-queues now, but how
> about a similar fix for elv_queue_empty()?
> 
> The elv_queue_empty() is removed in mainline, but it seems
> stable-2.6.38.x and prior stable-branches still need the fix for
> elv_queue_empty().

Something like this?  (run-tested but I haven't seen the problem
in this place)

commit 2e8532e0a9ee1d25b279ac78ee8ce31701e2aa15
Author: Michael Tokarev <mjt@....msk.ru>
Date:   Fri Jun 3 10:50:49 2011 +0400

    block: add proper state guards to elv_queue_empty()

    Like in 0a58e077eb600d1efd7e54ad9926a75a39d7f8ae (backported to
    stable 2.6.38 as 0a58e077eb600d1efd7e54ad9926a75a39d7f8ae) which
    fixes this for __elv_next_request(), as reported by Atsushi Nemoto,
    elv_queue_empty() also needs to check for dead queue condition
    before touchin elevator.

    elv_queue_empty() has been removed upstream so this is only applicable
    for versions prior to 2.6.39, including 2.6.32-longterm.

    Signed-Off-By: Michael Tokarev <mjt@....msk.ru>

diff --git a/block/elevator.c b/block/elevator.c
index 236e93c..30cec25 100644
--- a/block/elevator.c
+++ b/block/elevator.c
@@ -727,7 +727,8 @@ int elv_queue_empty(struct request_queue *q)
 	if (!list_empty(&q->queue_head))
 		return 0;

-	if (e->ops->elevator_queue_empty_fn)
+	if (!test_bit(QUEUE_FLAG_DEAD, &q->queue_flags) &&
+	    e->ops->elevator_queue_empty_fn)
 		return e->ops->elevator_queue_empty_fn(q);

 	return 1;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ