| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <356f8764-9699-e268-681f-0531d284079f@linux.ibm.com>
Date: Fri, 18 Sep 2020 16:59:42 +0530
From: Ritesh Harjani <riteshh@...ux.ibm.com>
To: Adrian Huang <adrianhuang0701@...il.com>, linux-nvdimm@...ts.01.org
Cc: Yi Zhang <yi.zhang@...hat.com>,
Mikulas Patocka <mpatocka@...hat.com>, Jan Kara <jack@...e.cz>,
Adrian Huang <ahuang12@...ovo.com>, Coly Li <colyli@...e.de>,
linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v3 1/1] dax: Fix stack overflow when mounting fsdax pmem
device
ccing fs list
On 9/17/20 4:45 PM, Adrian Huang wrote:
> From: Adrian Huang <ahuang12@...ovo.com>
>
> When mounting fsdax pmem device, commit 6180bb446ab6 ("dax: fix
> detection of dax support for non-persistent memory block devices")
> introduces the stack overflow [1][2]. Here is the call path for
> mounting ext4 file system:
> ext4_fill_super
> bdev_dax_supported
> __bdev_dax_supported
> dax_supported
> generic_fsdax_supported
> __generic_fsdax_supported
> bdev_dax_supported
>
> The call path leads to the infinite calling loop, so we cannot
> call bdev_dax_supported() in __generic_fsdax_supported(). The sanity
> checking of the variable 'dax_dev' is moved prior to the two
> bdev_dax_pgoff() checks [3][4].
>
> [1] https://lore.kernel.org/linux-nvdimm/1420999447.1004543.1600055488770.JavaMail.zimbra@redhat.com/
> [2] https://lore.kernel.org/linux-nvdimm/alpine.LRH.2.02.2009141131220.30651@file01.intranet.prod.int.rdu2.redhat.com/
> [3] https://lore.kernel.org/linux-nvdimm/CA+RJvhxBHriCuJhm-D8NvJRe3h2MLM+ZMFgjeJjrRPerMRLvdg@mail.gmail.com/
> [4] https://lore.kernel.org/linux-nvdimm/20200903160608.GU878166@iweiny-DESK2.sc.intel.com/
>
> Fixes: 6180bb446ab6 ("dax: fix detection of dax support for non-persistent memory block devices")
> Reported-by: Yi Zhang <yi.zhang@...hat.com>
> Reported-by: Mikulas Patocka <mpatocka@...hat.com>
> Signed-off-by: Adrian Huang <ahuang12@...ovo.com>
> Reviewed-by: Jan Kara <jack@...e.cz>
> Cc: Coly Li <colyli@...e.de>
> Cc: Ira Weiny <ira.weiny@...el.com>
> Cc: John Pittman <jpittman@...hat.com>
Although I see that this is fix is already applied but ccing fsdevel and
ext4 since I ended up debugging and coming to the same conclusion as
this patch is fixing the recursion loop.
If not already applied then feel free to add:
Tested-by: Ritesh Harjani <riteshh@...ux.ibm.com>
> ---
> Changelog:
> v3:
> 1. Add Reviewed-by from Jan
> 2. Add Reported-by
> 3. Replace lists.01.org with lore.kernel
> v2:
> Remove the checking for the returned value '-EOPNOTSUPP' of
> dax_direct_access(). Jan has prepared a patch to address the
> issue in dm.
> ---
> drivers/dax/super.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/dax/super.c b/drivers/dax/super.c
> index e5767c83ea23..11d0541e6f8f 100644
> --- a/drivers/dax/super.c
> +++ b/drivers/dax/super.c
> @@ -85,6 +85,12 @@ bool __generic_fsdax_supported(struct dax_device *dax_dev,
> return false;
> }
>
> + if (!dax_dev) {
> + pr_debug("%s: error: dax unsupported by block device\n",
> + bdevname(bdev, buf));
> + return false;
> + }
> +
> err = bdev_dax_pgoff(bdev, start, PAGE_SIZE, &pgoff);
> if (err) {
> pr_info("%s: error: unaligned partition for dax\n",
> @@ -100,12 +106,6 @@ bool __generic_fsdax_supported(struct dax_device *dax_dev,
> return false;
> }
>
> - if (!dax_dev || !bdev_dax_supported(bdev, blocksize)) {
> - pr_debug("%s: error: dax unsupported by block device\n",
> - bdevname(bdev, buf));
> - return false;
> - }
> -
> id = dax_read_lock();
> len = dax_direct_access(dax_dev, pgoff, 1, &kaddr, &pfn);
> len2 = dax_direct_access(dax_dev, pgoff_end, 1, &end_kaddr, &end_pfn);
>
Powered by blists - more mailing lists