lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 23 Apr 2019 10:16:09 -0700
From:   Guenter Roeck <groeck@...gle.com>
To:     "Darrick J. Wong" <darrick.wong@...cle.com>
Cc:     Zubin Mithra <zsm@...omium.org>,
        "# v4 . 10+" <stable@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Guenter Roeck <groeck@...omium.org>, bo.li.liu@...cle.com,
        viro@...iv.linux.org.uk, linux-ext4 <linux-ext4@...r.kernel.org>
Subject: Re: 5a9d929d6e13 ("iomap: report collisions between directio and
 buffered writes to userspace")

On Tue, Apr 23, 2019 at 10:01 AM Darrick J. Wong
<darrick.wong@...cle.com> wrote:
>
> On Tue, Apr 23, 2019 at 09:30:22AM -0700, Zubin Mithra wrote:
> > Hello,
> >
> > Syzkaller has triggered a kernel WARNING with the following stacktrace when fuzzing a 4.14 kernel.
> >
> > Call Trace:
> >  __dump_stack lib/dump_stack.c:17 [inline]
> >  dump_stack+0xb7/0x107 lib/dump_stack.c:53
> >  panic+0x1c9/0x3ae kernel/panic.c:181
> >  __warn+0x160/0x1a8 kernel/panic.c:543
> >  report_bug+0x123/0x18b lib/bug.c:186
> >  fixup_bug+0x3e/0x77 arch/x86/kernel/traps.c:177
> >  do_error_trap+0xdd/0x1e6 arch/x86/kernel/traps.c:295
> >  invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:944
> >  do_blockdev_direct_IO+0x1b08/0x1b95 fs/direct-io.c:1373
> >  ext4_direct_IO_write fs/ext4/inode.c:3696 [inline]
> >  ext4_direct_IO+0x8de/0xdad fs/ext4/inode.c:3826
> >  generic_file_direct_write+0x223/0x36b mm/filemap.c:2927
> >  __generic_file_write_iter+0x12f/0x2f8 mm/filemap.c:3106
> >  ext4_file_write_iter+0x97d/0xade fs/ext4/file.c:264
> >  call_write_iter include/linux/fs.h:1782 [inline]
> >  do_iter_readv_writev+0x1e4/0x27c fs/read_write.c:678
> >  do_iter_write+0x136/0x18f fs/read_write.c:957
> >  vfs_iter_write+0x81/0x98 fs/read_write.c:970
> >  iter_file_splice_write+0x4dc/0x7a6 fs/splice.c:749
> >  do_splice_from fs/splice.c:851 [inline]
> >  direct_splice_actor+0x11e/0x129 fs/splice.c:1018
> >  splice_direct_to_actor+0x342/0x5b0 fs/splice.c:973
> >  do_splice_direct+0x180/0x1ff fs/splice.c:1061
> >  do_sendfile+0x3e6/0x61c fs/read_write.c:1438
> >  SYSC_sendfile64 fs/read_write.c:1499 [inline]
> >  SyS_sendfile64+0xe9/0x128 fs/read_write.c:1485
> >  do_syscall_64+0x203/0x241 arch/x86/entry/common.c:290
> >  entry_SYSCALL_64_after_hwframe+0x42/0xb7
> >
> > Could the following patch be applied in order to v4.14.y(The patch is present in v4.19.y)?
> > 5a9d929d6e13 ("iomap: report collisions between directio and buffered writes to userspace")
>
> That patch only teaches the kernel to emit warnings in dmesg when
> programs mix directio and buffered writes.  It doesn't fix any buggy
> directio usage.  Someone on the ext4 list [cc'd] might know more about
> this.
>

Not sure I understand. Is your argument that systems configured to
panic on warnings should indeed panic if the situation is encountered,
ie that the backtrace and potential panic is warranted ? Isn't this a
potential DOS problem if the situation can be triggered from userspace
on such systems ?

Thanks,
Guenter

> --D
>
> >
> > Tests run:
> > - Chrome OS tryjobs
> > - Syzkaller reproducer
> >
> >
> > Thanks,
> > - Zubin

Powered by blists - more mailing lists