lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 13 Feb 2020 14:38:19 +0800
From:   "zhangyi (F)" <yi.zhang@...wei.com>
To:     <jack@...e.cz>, <tytso@....edu>
CC:     <linux-ext4@...r.kernel.org>, <yi.zhang@...wei.com>,
        <luoshijie1@...wei.com>, <zhangxiaoxu5@...wei.com>
Subject: [PATCH v3 0/2] jbd2: fix an oops problem

Changes since v2:
 - Back to use "mapping && !sb_is_blkdev_sb(mapping->host->i_sb)" to
   distinguish metadata buffers, and add more comments.
 - Add 'Reviewed-by' to the first patch.

Changes since v1:
 - Switch to clear b_modified just after set_buffer_freed() instead of
   reuse codes at the end of journal_unmap_buffer().
 - Switch to distinguish metadata buffers through the page mapping dev.

Thanks,
Yi.

--------------
Original description:

We encountered a jbd2 oops problem on an aarch64 machine with 4K block
size and 64K page size when doing stress tests.

 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
 ...
 user pgtable: 64k pages, 42-bit VAs, pgdp = (____ptrval____)
 ...
 pc : jbd2_journal_put_journal_head+0x7c/0x284
 lr : jbd2_journal_put_journal_head+0x3c/0x284
 ...
 Call trace:
  jbd2_journal_put_journal_head+0x7c/0x284
  __jbd2_journal_refile_buffer+0x164/0x188
  jbd2_journal_commit_transaction+0x12a0/0x1a50
  kjournald2+0xd0/0x260
  kthread+0x134/0x138
  ret_from_fork+0x10/0x1c
 Code: 51000400 b9000ac0 35000760 f9402274 (b9400a80)
 ---[ end trace 8fa99273d06aeb63 ]---

These patch set can fix this issue, the first patch is just a cleanup
patch, and the second one describe the root cause and fix it.


zhangyi (F) (2):
  jbd2: move the clearing of b_modified flag to the
    journal_unmap_buffer()
  jbd2: do not clear the BH_Mapped flag when forgetting a metadata
    buffer

 fs/jbd2/commit.c      | 46 +++++++++++++++++++++++--------------------
 fs/jbd2/transaction.c | 10 ++++++----
 2 files changed, 31 insertions(+), 25 deletions(-)

-- 
2.17.2

Powered by blists - more mailing lists