Date:   Mon, 30 Jul 2018 11:46:16 +0000
From:   bugzilla-daemon@...zilla.kernel.org
To:     linux-ext4@...nel.org
Subject: [Bug 200681] New: [inline_data] read() does not see what write() has
 just written through different FD in the same thread

https://bugzilla.kernel.org/show_bug.cgi?id=200681

            Bug ID: 200681
           Summary: [inline_data] read() does not see what write() has
                    just written through different FD in the same thread
           Product: File System
           Version: 2.5
    Kernel Version: v4.18-rc7 and tytso/dev (commit f4a79b7b4)
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@...nel-bugs.osdl.org
          Reporter: anatoly.trosinenko@...il.com
        Regression: No

Created attachment 277603
  --> https://bugzilla.kernel.org/attachment.cgi?id=277603&action=edit
Kernel config

# How to reproduce:
1) Compile v4.18-rc7 or tytso/dev (commit f4a79b7b4) with the attached config
2) Run mkinitrd.sh to create a self contained initrd reproducer and ext4 image
3) Run
   qemu-system-x86_64 -kernel /path/to/linux.git/arch/x86/boot/bzImage -initrd ./initrd.cpio -m 128M -drive file=ext4.img,index=0,format=raw

# What happens:

When reproducer is run:

[CUT]
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

char buf  [100000];
char rdbuf[100000];

int main() {
  for (int i = 0; i < sizeof(buf); ++i)
    buf[i] = i + 1;
  int fd1 = creat("/mnt/xyz", 0660);
  write(fd1, buf, 48);                         /* small first write */
  int fd2 = open("/mnt/xyz", O_RDONLY, 0660);  /* second FD on the same file */
  write(fd1, buf, 17968);                      /* file is now 48 + 17968 bytes */

  int res1 = read(fd2, rdbuf, 17968);
  memset(rdbuf, -1, sizeof(rdbuf));
  int res2 = read(fd2, rdbuf, 12336);          /* only 48 bytes remain */
  fprintf(stderr,
          "res1 = %d res2 = %d\t\tfirst bytes of data are: %02x %02x %02x...\n",
          res1, res2, rdbuf[0], rdbuf[1], rdbuf[2]);
  return 0;
}
[/CUT]

The following output occurs:


[CUT]
Mounting...
[    4.773445] EXT4-fs (sda): mounted filesystem with ordered data mode. Opts: (null)
Running reproducer...
res1 = 17968 res2 = 48          first bytes of data are: 00 00 00...


BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/bin/sh: can't access tty; job control turned off
/ # [    6.400525] ext4lazyinit (1013) used greatest stack depth: 13968 bytes left
[/CUT]


Output 00 00 00 instead of 01 02 03 looks quite suspicious. On the other hand,
I'm not sure this is forbidden by POSIX.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
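
A self-checking variant of the reproducer above, as an added example that is not part of the original report: it keeps the report's write and read sizes but compares every byte read through the second descriptor with what was written through the first. The function name, the constant names and the default path /tmp/raw_check.tmp are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Sizes taken from the reproducer in the report. */
enum { W1 = 48, W2 = 17968, R1 = 17968, R2 = 12336, TOTAL = W1 + W2 };

/* Writes W1 then W2 bytes through one descriptor, reads the file back through
 * a second descriptor using the report's read sizes, and compares every byte
 * with what was written. Returns the number of mismatched bytes (0 = coherent)
 * or -1 on an I/O error or an unexpected read length. */
long check_read_after_write(const char *path) {
  static unsigned char buf[W2], rd[R1 + R2];
  long bad = -1;
  int fd2 = -1;
  for (int i = 0; i < W2; ++i)
    buf[i] = (unsigned char)(i + 1);

  int fd1 = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0660);
  if (fd1 < 0) return -1;
  if (write(fd1, buf, W1) != W1) goto out;
  fd2 = open(path, O_RDONLY);
  if (fd2 < 0) goto out;
  if (write(fd1, buf, W2) != W2) goto out;            /* file is now TOTAL bytes */

  memset(rd, 0xff, sizeof(rd));
  if (read(fd2, rd, R1) != R1) goto out;
  if (read(fd2, rd + R1, R2) != TOTAL - R1) goto out; /* only 48 bytes remain */

  bad = 0;
  for (int i = 0; i < TOTAL; ++i) {
    /* Offsets 0..47 hold buf[0..47]; the second write starts at offset 48. */
    unsigned char want = i < W1 ? buf[i] : buf[i - W1];
    if (rd[i] != want) ++bad;
  }
out:
  if (fd2 >= 0) close(fd2);
  close(fd1);
  unlink(path);
  return bad;
}

int main(int argc, char **argv) {
  long bad = check_read_after_write(argc > 1 ? argv[1] : "/tmp/raw_check.tmp");
  printf("mismatched bytes: %ld\n", bad);
  return bad != 0;
}
```

Pass a path on the filesystem under test (the report uses /mnt/xyz) as the first argument; a non-zero count means the reader saw data that differs from what was written.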
