| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 Jul 2015 10:50:59 +0300 From: Andrey Ryabinin <a.ryabinin@...sung.com> To: Al Viro <viro@...IV.linux.org.uk> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [git pull] vfs part 2 On 07/01/2015 09:27 AM, Al Viro wrote: > On Mon, Jun 22, 2015 at 03:02:11PM +0300, Andrey Ryabinin wrote: >> On 06/22/2015 12:12 AM, Al Viro wrote: >>> On Thu, Apr 23, 2015 at 01:16:15PM +0300, Andrey Ryabinin wrote: >>>> This change caused following: >>> >>>> This could happen when p9pdu_readf() changes 'count' to some value > iov_iter_count(from): >>>> >>>> p9_client_write(): >>>> <...> >>>> int count = iov_iter_count(from); >>>> <...> >>>> *err = p9pdu_readf(req->rc, clnt->proto_version, "d", &count); >>>> <...> >>>> iov_iter_advance(from, count); >>> >>> *blink* >>> >>> That's a bug, all right, but I would love to see how you trigger it. >>> It would require server to respond to "write that many bytes" with "OK, >>> <greater number> bytes written". We certainly need to cope with that >>> (we can't trust the server to be sane), but if that's what is going on, >>> you've got a server bug as well. >>> >>> Could you check if the patch below triggers WARN_ON() in it on your >>> reproducer? p9_client_read() has a similar issue as well... >>> >> >> I've tried something like your patch before to check the read side >> and I haven't seen anything before and don't see it right now. >> Though, this doesn't mean that there is no problem with read. >> I mean that trinity hits this on write and may just not hit this on read. > > "This" being the WARN_ON() in that patch? Yes. > Could you please run the same > test with the following delta and post its printks? # dmesg | grep fucked [ 114.732166] fucked: sent 2037, server says it got 2047 (err = 0) [ 124.937105] fucked: sent 27, server says it got 4096 (err = 0) [ 154.075400] fucked: sent 19, server says it got 4096 (err = 0) > It's one thing if > you are hitting a buggy server, it gets confused and tells you it has > written more bytes than you told it to write. Quite a different story > in case if we are miscalculating the size we are putting into RWRITE > packet and/or advancing the iterator when we shouldn't... > > What server are you using, BTW? And which transport (virtio or network - > IOW, is it zero-copy path or not)? qemu v2.2.1, virtio transport. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists