Date:   Thu, 17 Mar 2022 17:11:42 +0100
From:   Sven Schnelle <svens@...ux.ibm.com>
To:     Ritesh Harjani <riteshh@...ux.ibm.com>
Cc:     Steven Rostedt <rostedt@...dmis.org>, linux-ext4@...r.kernel.org,
        Jan Kara <jack@...e.cz>, "Theodore Ts'o" <tytso@....edu>,
        Harshad Shirwadkar <harshadshirwadkar@...il.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...nel.org, hca@...ux.ibm.com
Subject: Re: [PATCHv3 02/10] ext4: Fix ext4_fc_stats trace point

Hi,

Ritesh Harjani <riteshh@...ux.ibm.com> writes:

> On 22/03/17 01:01PM, Sven Schnelle wrote:
>> Ritesh Harjani <riteshh@...ux.ibm.com> writes:
>>
>> [    0.958403] Hardware name: IBM 3906 M04 704 (z/VM 7.1.0)
>> [    0.958407] Workqueue: eval_map_wq eval_map_work_func
>>
>> [    0.958446] Krnl PSW : 0704e00180000000 000000000090a9d6 (number+0x25e/0x3c0)
>> [    0.958456]            R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
>> [    0.958461] Krnl GPRS: 0000000000000058 00000000010de0ac 0000000000000001 00000000fffffffc
>> [    0.958467]            0000038000047b80 0affffff010de0ab 0000000000000000 0000000000000000
>> [    0.958481]            0000000000000020 0000038000000000 00000000010de0ad 00000000010de0ab
>> [    0.958484]            0000000080312100 0000000000e68910 0000038000047b50 0000038000047ab8
>> [    0.958494] Krnl Code: 000000000090a9c6: f0c84112b001        srp     274(13,%r4),1(%r11),8
>> [    0.958494]            000000000090a9cc: 41202001            la      %r2,1(%r2)
>> [    0.958494]           #000000000090a9d0: ecab0006c065        clgrj   %r10,%r11,12,000000000090a9dc
>> [    0.958494]           >000000000090a9d6: d200b0004000        mvc     0(1,%r11),0(%r4)
>> [    0.958494]            000000000090a9dc: 41b0b001            la      %r11,1(%r11)
>> [    0.958494]            000000000090a9e0: a74bffff            aghi    %r4,-1
>> [    0.958494]            000000000090a9e4: a727fff6            brctg   %r2,000000000090a9d0
>> [    0.958494]            000000000090a9e8: a73affff            ahi     %r3,-1
>> [    0.958575] Call Trace:
>> [    0.958580]  [<000000000090a9d6>] number+0x25e/0x3c0
>> [    0.958594] ([<0000000000289516>] update_event_printk+0xde/0x200)
>> [    0.958602]  [<0000000000910020>] vsnprintf+0x4b0/0x7c8
>> [    0.958606]  [<00000000009103e8>] snprintf+0x40/0x50
>> [    0.958610]  [<00000000002893d2>] eval_replace+0x62/0xc8
>> [    0.958614]  [<000000000028e2fe>] trace_event_eval_update+0x206/0x248
>
> This looks like you must have this patch from Steven as well [2].
> Although I did test the patch and didn't see such a crash on my qemu box [3].
>
> [2]: https://lore.kernel.org/linux-ext4/20220310233234.4418186a@gandalf.local.home/
> [3]: https://lore.kernel.org/linux-ext4/20220311051249.ltgqbjjothbrkbno@riteshh-domain/
>
> @Steven,
> Sorry to bother. But does this crash strike anything obvious to you?

Looking at the oops output again made me realize that the snprintf
tries to write into pages that are mapped RO. Talking to Heiko he
mentioned that s390 maps rodata/text RO when setting up the initial
mapping while x86 has a RW mapping in the beginning and changes that
later to RO. I haven't verified that, but that might be a reason why it
works on x86.

Thanks
Sven
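
A user-space analogue of the ordering described in this message, added here as an example (it is not code from the thread or from the kernel): the same in-place snprintf() rewrite succeeds while the page is still writable and faults once the page has been made read-only. The names `rewrite_in_place` and `SAMPLE_FMT`, the sample string, and the use of mprotect() to stand in for the kernel's RO mapping are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a format string that gets patched in place. */
static const char SAMPLE_FMT[] = "reason=SAMPLE_ENUM_NAME";

/* Put SAMPLE_FMT on its own page, optionally make it read-only first, then
 * let a child rewrite the name with snprintf(). Returns 0 on success, the
 * fatal signal number if the write killed the child, -1 on setup failure. */
int rewrite_in_place(int readonly_first)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int status = 0, rc = -1;
    pid_t pid;
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, SAMPLE_FMT, sizeof(SAMPLE_FMT));
    if (readonly_first && mprotect(page, len, PROT_READ) != 0)
        goto out;
    pid = fork();
    if (pid == 0) {
        signal(SIGSEGV, SIG_DFL);          /* report the fault as a signal */
        snprintf(page + 7, 4, "%d", 9);    /* yields "reason=9" if writable */
        _exit(strcmp(page, "reason=9") == 0 ? 0 : 1);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid) {
        if (WIFSIGNALED(status))
            rc = WTERMSIG(status);
        else if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
            rc = 0;
    }
out:
    munmap(page, len);
    return rc;
}

int main(void)
{
    printf("RW: %d, RO: %d\n", rewrite_in_place(0), rewrite_in_place(1));
    return 0;
}
```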
