| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Apr 2019 10:16:09 -0700
From: Guenter Roeck <groeck@...gle.com>
To: "Darrick J. Wong" <darrick.wong@...cle.com>
Cc: Zubin Mithra <zsm@...omium.org>,
"# v4 . 10+" <stable@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Guenter Roeck <groeck@...omium.org>, bo.li.liu@...cle.com,
viro@...iv.linux.org.uk, linux-ext4 <linux-ext4@...r.kernel.org>
Subject: Re: 5a9d929d6e13 ("iomap: report collisions between directio and
buffered writes to userspace")
On Tue, Apr 23, 2019 at 10:01 AM Darrick J. Wong
<darrick.wong@...cle.com> wrote:
>
> On Tue, Apr 23, 2019 at 09:30:22AM -0700, Zubin Mithra wrote:
> > Hello,
> >
> > Syzkaller has triggered a kernel WARNING with the following stacktrace when fuzzing a 4.14 kernel.
> >
> > Call Trace:
> > __dump_stack lib/dump_stack.c:17 [inline]
> > dump_stack+0xb7/0x107 lib/dump_stack.c:53
> > panic+0x1c9/0x3ae kernel/panic.c:181
> > __warn+0x160/0x1a8 kernel/panic.c:543
> > report_bug+0x123/0x18b lib/bug.c:186
> > fixup_bug+0x3e/0x77 arch/x86/kernel/traps.c:177
> > do_error_trap+0xdd/0x1e6 arch/x86/kernel/traps.c:295
> > invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:944
> > do_blockdev_direct_IO+0x1b08/0x1b95 fs/direct-io.c:1373
> > ext4_direct_IO_write fs/ext4/inode.c:3696 [inline]
> > ext4_direct_IO+0x8de/0xdad fs/ext4/inode.c:3826
> > generic_file_direct_write+0x223/0x36b mm/filemap.c:2927
> > __generic_file_write_iter+0x12f/0x2f8 mm/filemap.c:3106
> > ext4_file_write_iter+0x97d/0xade fs/ext4/file.c:264
> > call_write_iter include/linux/fs.h:1782 [inline]
> > do_iter_readv_writev+0x1e4/0x27c fs/read_write.c:678
> > do_iter_write+0x136/0x18f fs/read_write.c:957
> > vfs_iter_write+0x81/0x98 fs/read_write.c:970
> > iter_file_splice_write+0x4dc/0x7a6 fs/splice.c:749
> > do_splice_from fs/splice.c:851 [inline]
> > direct_splice_actor+0x11e/0x129 fs/splice.c:1018
> > splice_direct_to_actor+0x342/0x5b0 fs/splice.c:973
> > do_splice_direct+0x180/0x1ff fs/splice.c:1061
> > do_sendfile+0x3e6/0x61c fs/read_write.c:1438
> > SYSC_sendfile64 fs/read_write.c:1499 [inline]
> > SyS_sendfile64+0xe9/0x128 fs/read_write.c:1485
> > do_syscall_64+0x203/0x241 arch/x86/entry/common.c:290
> > entry_SYSCALL_64_after_hwframe+0x42/0xb7
> >
> > Could the following patch be applied in order to v4.14.y(The patch is present in v4.19.y)?
> > 5a9d929d6e13 ("iomap: report collisions between directio and buffered writes to userspace")
>
> That patch only teaches the kernel to emit warnings in dmesg when
> programs mix directio and buffered writes. It doesn't fix any buggy
> directio usage. Someone on the ext4 list [cc'd] might know more about
> this.
>
Not sure I understand. Is your argument that systems configured to
panic on warnings should indeed panic if the situation is encountered,
ie that the backtrace and potential panic is warranted ? Isn't this a
potential DOS problem if the situation can be triggered from userspace
on such systems ?
Thanks,
Guenter
> --D
>
> >
> > Tests run:
> > - Chrome OS tryjobs
> > - Syzkaller reproducer
> >
> >
> > Thanks,
> > - Zubin
Powered by blists - more mailing lists