lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <17780.62607.544405.181452@cse.unsw.edu.au>
Date:	Tue, 5 Dec 2006 15:24:47 +1100
From:	Neil Brown <neilb@...e.de>
To:	Olaf Titz <olaf@...red.inka.de>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: 2.6.19: OOPS in cat /proc/fs/nfs/exports

On Monday December 4, olaf@...red.inka.de wrote:
> This is 100% reproducible. It hangs exportfs on shutdown.
> 
> Dec  4 19:50:13 glotze kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000040
> Dec  4 19:50:13 glotze kernel:  printing eip:
> Dec  4 19:50:13 glotze kernel: c017254a
> Dec  4 19:50:13 glotze kernel: *pde = 00000000
> Dec  4 19:50:13 glotze kernel: Oops: 0000 [#1]
> Dec  4 19:50:13 glotze kernel: PREEMPT 
> Dec  4 19:50:13 glotze kernel: Modules linked in: nfsd exportfs i915 stv0299 budget_ci budget_core dvb_core saa7146 ttpci_eeprom 8250 serial_core nfs lockd sunrpc tuner tvaudio bttv video_buf ir_common compat_ioctl32 i2c_algo_bit btcx_risc tveeprom i2c_core videodev v4l1_compat v4l2_common ipv6 nvram snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd soundcore snd_page_alloc ide_cd cdrom e100 mii af_packet
> Dec  4 19:50:13 glotze kernel: CPU:    0
> Dec  4 19:50:13 glotze kernel: EIP:    0060:[seq_escape+29/201]    Not tainted VLI
> Dec  4 19:50:13 glotze kernel: EFLAGS: 00010286   (2.6.19 #2)
> Dec  4 19:50:13 glotze kernel: EIP is at seq_escape+0x1d/0xc9
> Dec  4 19:50:13 glotze kernel: eax: c7610000   ebx: c7370e00   ecx: 00001000   edx: c761005c
> Dec  4 19:50:13 glotze kernel: esi: 00000040   edi: d0590384   ebp: cd2115f4   esp: c9543ef4
> Dec  4 19:50:13 glotze kernel: ds: 007b   es: 007b   ss: 0068
> Dec  4 19:50:13 glotze kernel: Process cat (pid: 1379, ti=c9542000 task=c73ea030 task.ti=c9542000)
> Dec  4 19:50:13 glotze kernel: Stack: c7370e00 c017219d 00000004 c7370e00 00000810 cd2115f4 d05878e7 c7370e00 
> Dec  4 19:50:13 glotze kernel:        d059037e d0590343 d059036f 0000fffe 0000fffe 00000004 00000301 d05969d0 
> Dec  4 19:50:13 glotze kernel:        c7370e00 cd2115c0 00000029 c01727c3 00000400 0804c848 cb9cb740 c7370e20 
> Dec  4 19:50:13 glotze kernel: Call Trace:
> Dec  4 19:50:13 glotze kernel:  [seq_printf+46/82] seq_printf+0x2e/0x52
> Dec  4 19:50:13 glotze kernel:  [pg0+270379239/1069880320] svc_export_show+0x1dd/0x2b1 [nfsd]

That shouldn't happen (of course).

There is a place where a failed kstrdup could lead to this, but that
is rather unlikely and wouldn't be as reproducible as this seems to
be.
If you boot up and then immediately shutdown does this error trigger,
it does it have to be up for a while?

Just before shutting down, can you

   cat /proc/fs/nfsd/exports

and see if that works?  If so, can you show me the contents.
If not, can I see your /etc/exports ??

Thanks,

NeilBrown


This patch fixes a problem that is very unlikely to be yours.

Signed-off-by: Neil Brown <neilb@...e.de>

### Diffstat output
 ./net/sunrpc/svcauth_unix.c |    4 ++++
 1 file changed, 4 insertions(+)

diff .prev/net/sunrpc/svcauth_unix.c ./net/sunrpc/svcauth_unix.c
--- .prev/net/sunrpc/svcauth_unix.c	2006-12-05 15:20:26.000000000 +1100
+++ ./net/sunrpc/svcauth_unix.c	2006-12-05 15:20:48.000000000 +1100
@@ -53,6 +53,10 @@ struct auth_domain *unix_domain_find(cha
 			return NULL;
 		kref_init(&new->h.ref);
 		new->h.name = kstrdup(name, GFP_KERNEL);
+		if (new->h.name == NULL) {
+			kree(new);
+			return NULL;
+		}
 		new->h.flavour = &svcauth_unix;
 		new->addr_changes = 0;
 		rv = auth_domain_lookup(name, &new->h);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ