lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20220608150223.7mp6v3pinxgoyzv5@quack3.lan>
Date:   Wed, 8 Jun 2022 17:02:23 +0200
From:   Jan Kara <jack@...e.cz>
To:     Ritesh Harjani <ritesh.list@...il.com>
Cc:     Jan Kara <jack@...e.cz>, Ted Tso <tytso@....edu>,
        linux-ext4@...r.kernel.org
Subject: Re: [PATCH 0/2] ext4: Fix possible fs corruption due to xattr races

On Wed 08-06-22 11:54:25, Jan Kara wrote:
> On Wed 08-06-22 10:21:00, Ritesh Harjani wrote:
> > On 22/06/06 04:28PM, Jan Kara wrote:
> > > Hello,
> > >
> > > I've tracked down the culprit of the jbd2 assertion Ritesh reported to me. In
> > 
> > Hello Jan,
> > 
> > Thanks for working on the problem and identifying the race.
> > 
> > > the end it does not have much to do with jbd2 but rather points to a subtle
> > > race in xattr code between xattr block reuse and xattr block freeing that can
> > > result in fs corruption during journal replay. See patch 2/2 for more details.
> > > These patches fix the problem. I have to say I'm not too happy with the special
> > 
> > So while I was still reviewing this patch-set, I thought of giving a try with some
> > stress test for xattrs (given that this is some sort of race which is not always
> > easy to track down).
> > 
> > So it seems it is easy to recreate the crash with stress-ng xattr test (even
> > with your patches included).
> > 	stress-ng --xattr 16 --timeout=10000s
> > 
> > Hope this might help further narrow down the problem.
> 
> Drat. I was actually running "stress-ng --xattr
> <some-number-I-dont-remember>" to test my patches and it
> didn't reproduce the crash for me within 5 minutes or so. Let me try harder
> and thanks for the testing!

Indeed, I forgot to enable JBD2_DEBUG in my kernel config and so the
assertion was not triggering for me. Now I can reproduce the issue even
with my patches (although it takes longer to reproduce) so I'm digging more
into it.

							Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ