Date:	Fri, 24 Jun 2016 22:33:02 -0400
From:	Sasha Levin <sasha.levin@...cle.com>
To:	Shaohua Li <shli@...com>, linux-kernel@...r.kernel.org
Cc:	axboe@...nel.dk, tj@...nel.org, Kernel-team@...com
Subject: Re: [PATCH] block-dev: enable writeback cgroup support

On 02/01/2016 08:50 PM, Shaohua Li wrote:
> block_dev's .writepages/.writepage already handles
> wbc_init_bio/wbc_account_io. We only set the SB_I_CGROUPWB bit to
> support writeback cgroup support.
> 
> Signed-off-by: Shaohua Li <shli@...com>

Hey Shaohua,

I'm seeing the following while fuzzing:

[  496.950320] kasan: CONFIG_KASAN_INLINE enabled
[  496.950952] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  496.950954] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  496.950978] Modules linked in:
[  496.951026] CPU: 4 PID: 8535 Comm: syz-executor Tainted: G        W       4.7.0-rc4-next-20160624-sasha-00024-gdee1616 #3132
[  496.951051] task: ffff8801bb0a9000 ti: ffff8801b5b70000 task.ti: ffff8801b5b70000
[  496.951406] RIP: bd_mount (fs/block_dev.c:663)
[  496.951423] RSP: 0018:ffff8801b5b77c48  EFLAGS: 00010207
[  496.951437] RAX: dffffc0000000000 RBX: ffffffffffffffff RCX: 0000000000000000
[  496.951452] RDX: 000000000000000c RSI: ffffffffaa2dc3e0 RDI: 0000000000000067
[  496.951466] RBP: ffff8801b5b77c58 R08: ffff8801c45b8008 R09: 0000000000000000
[  496.951522] R10: ffffed00190c9c00 R11: 0000000000000000 R12: ffffffffabba6360
[  496.951533] R13: ffff8800c79c92b8 R14: ffff8800c864e000 R15: 0000000000008011
[  496.951545] FS:  00007fc253974700(0000) GS:ffff8801d4100000(0000) knlGS:0000000000000000
[  496.951553] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  496.951561] CR2: 00000000006f0000 CR3: 00000001b876c000 CR4: 00000000000406a0
[  496.951577] Stack:
[  496.951593]  ffff8801d0af1160 ffffffffabba6360 ffff8801b5b77c98 ffffffff9d831a20
[  496.951607]  00000000000024ee ffff8800c1b1b040 ffffffffabba6360 ffff8800c79c92b8
[  496.951622]  0000000000008011 fffffffffffffff4 ffff8801b5b77cd8 ffffffff9d88bf7a
[  496.951625] Call Trace:
[  496.951660] mount_fs (fs/super.c:1178)
[  496.951682] vfs_kern_mount (fs/namespace.c:949)
[  496.951701] do_mount (fs/namespace.c:2393 fs/namespace.c:2714)
[  496.951733] ? ___slab_alloc (mm/slub.c:2576)
[  496.951751] ? copy_mount_string (fs/namespace.c:2645)
[  496.953177] ? preempt_schedule_irq (./arch/x86/include/asm/bitops.h:311 include/linux/thread_info.h:92 include/linux/sched.h:3269 kernel/sched/core.c:3535)
[  496.953447] ? __sanitizer_cov_trace_pc (kernel/kcov.c:72)
[  496.953469] ? copy_mount_options (fs/namespace.c:2622)
[  496.953486] SyS_mount (fs/namespace.c:2908 fs/namespace.c:2883)
[  496.953501] ? copy_mnt_ns (fs/namespace.c:2883)
[  496.953542] do_syscall_64 (arch/x86/entry/common.c:284)
[  496.953560] entry_SYSCALL64_slow_path (arch/x86/entry/entry_64.S:251)
[ 496.953700] Code: a0 d9 73 a7 e8 43 e8 fc ff 48 85 c0 48 89 c3 74 63 e8 86 54 cf ff 48 8d 7b 68 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 74 05 e8 c6 9b ed ff 4c 8b 63 68 4d 85 e4 75 0e 31
All code
========
   0:   a0 d9 73 a7 e8 43 e8    movabs 0xfffce843e8a773d9,%al
   7:   fc ff
   9:   48 85 c0                test   %rax,%rax
   c:   48 89 c3                mov    %rax,%rbx
   f:   74 63                   je     0x74
  11:   e8 86 54 cf ff          callq  0xffffffffffcf549c
  16:   48 8d 7b 68             lea    0x68(%rbx),%rdi
  1a:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  21:   fc ff df
  24:   48 89 fa                mov    %rdi,%rdx
  27:   48 c1 ea 03             shr    $0x3,%rdx
  2b:*  80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)               <-- trapping instruction
  2f:   74 05                   je     0x36
  31:   e8 c6 9b ed ff          callq  0xffffffffffed9bfc
  36:   4c 8b 63 68             mov    0x68(%rbx),%r12
  3a:   4d 85 e4                test   %r12,%r12
  3d:   75 0e                   jne    0x4d
  3f:   31 00                   xor    %eax,(%rax)

Code starting with the faulting instruction
===========================================
   0:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
   4:   74 05                   je     0xb
   6:   e8 c6 9b ed ff          callq  0xffffffffffed9bd1
   b:   4c 8b 63 68             mov    0x68(%rbx),%r12
   f:   4d 85 e4                test   %r12,%r12
  12:   75 0e                   jne    0x22
  14:   31 00                   xor    %eax,(%rax)
[  496.953718] RIP bd_mount (fs/block_dev.c:663)
[  496.953723]  RSP <ffff8801b5b77c48>
