Open Source and information security mailing list archives
 
Date:   Tue, 11 Apr 2017 20:06:07 -0400
From:   Dave Jones <davej@...emonkey.org.uk>
To:     Al Viro <viro@...IV.linux.org.uk>
Cc:     Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: iov_iter_pipe warning.

On Wed, Apr 12, 2017 at 12:56:41AM +0100, Al Viro wrote:
 > On Wed, Apr 12, 2017 at 12:51:58AM +0100, Al Viro wrote:
 > > On Tue, Apr 11, 2017 at 07:45:58PM -0400, Dave Jones wrote:
 > > >  > 	if (file->f_op->splice_write == generic_splice_sendpage) {
 > > >  > 		struct socket *sock = file->private_data;
 > > >  > 		printk(KERN_ERR "socket [%d, %p]\n", sock->type, sock->ops);
 > > >  > 	}
 > > >  > 	printk(KERN_ERR "in->f_op = %p\n", in->f_op);
 > > > 
 > > > Ugh, this explodes with a million errors when I try to compile it. 
 > > > It misses socket definition, and include <linux/net.h> causes another
 > > > cascade of errors about linkage.h and nonsense.
 > > 
 > > Ignore the socket part - you've already triggered it with NFS file as
 > > destination, so this is not particularly interesting.  I would still like
 > > to see in->f_op and even more - the checks in default_file_splice_read().
 > 
 > ... and the latter had a braino - WARN_ON(size != ret), not len != ret.
 > Diff follows:
 
super fast repro..

[   51.795286] WARNING: CPU: 1 PID: 2057 at fs/splice.c:985 splice_direct_to_actor+0x13f/0x280
[   51.806721] CPU: 1 PID: 2057 Comm: trinity-c3 Not tainted 4.11.0-rc6-think+ #9 
[   51.814567] ------------[ cut here ]------------
[   51.814573] WARNING: CPU: 2 PID: 2018 at fs/splice.c:985 splice_direct_to_actor+0x13f/0x280
[   51.852613] Call Trace:
[   51.864076]  dump_stack+0x68/0x93
[   51.875475]  __warn+0xcb/0xf0
[   51.886831]  warn_slowpath_null+0x1d/0x20
[   51.898162]  splice_direct_to_actor+0x13f/0x280
[   51.909509]  ? generic_pipe_buf_nosteal+0x10/0x10
[   51.920949]  do_splice_direct+0x9e/0xd0
[   51.932166]  do_sendfile+0x1d7/0x3c0
[   51.943349]  SyS_sendfile64+0x73/0xe0
[   51.954495]  do_syscall_64+0x66/0x1d0
[   51.965630]  entry_SYSCALL64_slow_path+0x25/0x25
[   51.976718] RIP: 0033:0x7f3e6ecc80f9
[   51.987732] RSP: 002b:00007ffcb8b38728 EFLAGS: 00000246
[   51.998705]  ORIG_RAX: 0000000000000028
[   52.009546] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007f3e6ecc80f9
[   52.020507] RDX: 00007f3e6f264000 RSI: 000000000000011a RDI: 000000000000019b
[   52.031427] RBP: 00007f3e6f382000 R08: 0000000000000010 R09: 0000000000000000
[   52.042263] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000002
[   52.053040] R13: 00007f3e6f382048 R14: 00007f3e6f39ead8 R15: 00007f3e6f382000
[   52.063787] CPU: 2 PID: 2018 Comm: trinity-c6 Not tainted 4.11.0-rc6-think+ #9 
[   52.063997] ---[ end trace 51a5bc02dc45a59d ]---
[   52.063998] in->f_op = ffffffff81c26480, ->splice_write =           (null)
[   52.106748] Call Trace:
[   52.117338]  dump_stack+0x68/0x93
[   52.127832]  __warn+0xcb/0xf0
[   52.138224]  warn_slowpath_null+0x1d/0x20
[   52.148737]  splice_direct_to_actor+0x13f/0x280
[   52.159331]  ? generic_pipe_buf_nosteal+0x10/0x10
[   52.169897]  do_splice_direct+0x9e/0xd0
[   52.180412]  do_sendfile+0x1d7/0x3c0
[   52.190821]  SyS_sendfile64+0x73/0xe0
[   52.201210]  do_syscall_64+0x66/0x1d0
[   52.211503]  entry_SYSCALL64_slow_path+0x25/0x25
[   52.221740] RIP: 0033:0x7f3e6ecc80f9
[   52.231955] RSP: 002b:00007ffcb8b38728 EFLAGS: 00000246
[   52.242137]  ORIG_RAX: 0000000000000028
[   52.252235] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007f3e6ecc80f9
[   52.262453] RDX: 00007f3e6f263000 RSI: 000000000000011d RDI: 000000000000011d
[   52.272637] RBP: 00007f3e6f36d000 R08: 00000000000000c7 R09: ffffffffffffffef
[   52.282775] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000002
[   52.292889] R13: 00007f3e6f36d048 R14: 00007f3e6f39ead8 R15: 00007f3e6f36d000
[   52.304196] ---[ end trace 51a5bc02dc45a59e ]---
[   52.314808] in->f_op = ffffffff81c26480, ->splice_write = ffffffff812b2b20

$ grep  ffffffff812b2b20 /proc/kallsyms 
ffffffff812b2b20 T iter_file_splice_write
$ grep ffffffff81c26480 /proc/kallsyms 
ffffffff81c26480 r shmem_file_operations
