lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Sep 2006 11:47:19 -0700 From: Andrew Morton <akpm@...l.org> To: Olaf Hering <olh@...e.de> Cc: linux-kernel@...r.kernel.org, Al Viro <viro@....linux.org.uk> Subject: Re: [PATCH] cramfs corruption after BLKFLSBUF on loop device On Wed, 20 Sep 2006 15:20:11 +0200 Olaf Hering <olh@...e.de> wrote: > On Thu, Jun 01, Olaf Hering wrote: > > > ... > > Error -3 while decompressing! > > c0000000009592a2(2649)->c0000000edf87000(4096) > > Error -3 while decompressing! > > c000000000959298(2520)->c0000000edbc7000(4096) > > Error -3 while decompressing! > > c000000000959c70(2489)->c0000000f1482000(4096) > > Error -3 while decompressing! > > c00000000095a629(2355)->c0000000edaff000(4096) > > Error -3 while decompressing! > > ... > > Today I looked at this bug again and found that 2.6.18-rc6-git2 has > fix for this. Is the patch below supposed to fix the cramfs corruption > or does it just paper over the bug? > > ... > cramfs_read() clears parts of the src buffer because the page is not > uptodate. invalidate_bdev() called from block_ioctl(BLKFLSBUF) will set > ClearPageUptodate() after cramfs_read() got the page from read_cache_page() > ... > > /root/cramfscrash.sh > #!/bin/bash > # cd /dev/shm/ > # tar xfz /mounts/mirror/kernel/v2.6/linux-2.6.18.tar.gz > # cd linux-2.6.18/ > # mkfs.cramfs drivers /tmp/cramfs.image > mount -vnt proc proc /proc > echo 1 > /proc/sys/kernel/panic > echo 9 > /proc/sysrq-trigger That's a novel way of setting the log level. > mount -vnt sysfs sysfs /sys > modprobe -v loop > mount -vnt cramfs -o loop /tmp/cramfs.image /mnt > while :;do /sbin/blockdev --flushbufs /dev/loop0;done </dev/null &>/dev/null& > while :;do /usr/bin/find /mnt -type f -print0|xargs -0 cat &>/dev/null;done > > > kernel cmdline > xmon=off panic=1 sysrq=1 quiet root=/dev/disk/by-uuid/d50e4029-2e91-4332-bb16-24f946a74d3f ro init=/root/cramfscrash.sh > > > > 016eb4a0ed06a3677d67a584da901f0e9a63c666.patch > From: Andrew Morton <akpm@...l.org> > > If a CPU faults this page into pagetables after invalidate_mapping_pages() > checked page_mapped(), invalidate_complete_page() will still proceed to remove > the page from pagecache. This leaves the page-faulting process with a > detached page. If it was MAP_SHARED then file data loss will ensue. > > Fix that up by checking the page's refcount after taking tree_lock. Yes, I think this is a reasonable solution to the cramfs race. Previously, invalidate_inode_pages() was removing pages from pagecache even if some other thread had a ref against them, which is pretty bad behaviour. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists