| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Dec 2006 19:51:29 +0100 From: Eric Sesterhenn <snakebyte@....de> To: linux-kernel@...r.kernel.org Cc: shaggy@...tin.ibm.com Subject: [Patch] BUG in fs/jfs/jfs_xtree.c hi, while playing around with fsfuzzer, i got the following oops with jfs: [ 851.804875] BUG at fs/jfs/jfs_xtree.c:760 assert(!BT_STACK_FULL(btstack)) [ 851.805179] ------------[ cut here ]------------ [ 851.805238] kernel BUG at fs/jfs/jfs_xtree.c:760! [ 851.805287] invalid opcode: 0000 [#1] [ 851.805327] PREEMPT [ 851.805391] Modules linked in: [ 851.805469] CPU: 0 [ 851.805474] EIP: 0060:[<c028e57a>] Not tainted VLI [ 851.805482] EFLAGS: 00010286 (2.6.19-git18 #16) [ 851.805620] EIP is at xtSearch+0x2fa/0x6a0 [ 851.805669] eax: 00000050 ebx: 00000001 ecx: cc826000 edx: 00000000 [ 851.805720] esi: 00030012 edi: cc826b94 ebp: cc826b58 esp: cc826ab8 [ 851.805772] ds: 007b es: 007b ss: 0068 [ 851.805823] Process mount (pid: 4721, ti=cc826000 task=d1faeb10 task.ti=cc826000) [ 851.805872] Stack: c04fec94 c04feccd 000002f8 c04fecb5 0000f000 00000000 d1faeb10 cc826afc [ 851.806173] 0000f000 00000000 00000000 c063387c d1faeb10 00000000 00000000 00000000 [ 851.807252] cc053368 cc826b9c cc053088 ffffffff 00000000 00000000 cc0530d8 cc0531e4 [ 851.807513] Call Trace: [ 851.807593] [<c01045da>] show_trace_log_lvl+0x1a/0x40 [ 851.807697] [<c01046a9>] show_stack_log_lvl+0xa9/0xe0 [ 851.807774] [<c01048c4>] show_registers+0x1e4/0x360 [ 851.807852] [<c0104b3a>] die+0xfa/0x240 [ 851.807925] [<c0104cf3>] do_trap+0x73/0xa0 [ 851.808000] [<c01056b7>] do_invalid_op+0x97/0xc0 [ 851.808077] [<c04734e4>] error_code+0x74/0x80 [ 851.808347] [<c028fb4a>] xtLookup+0xaa/0x240 [ 851.808432] [<c02a3c95>] metapage_get_blocks+0x95/0xe0 [ 851.808512] [<c02a44ea>] metapage_readpage+0xea/0x160 [ 851.808593] [<c014acf3>] read_cache_page+0x93/0x160 [ 851.808676] [<c02a46f4>] __get_metapage+0x114/0x420 [ 851.808754] [<c029a906>] dbMount+0x46/0x160 [ 851.808835] [<c028e024>] jfs_mount+0x84/0x180 [ 851.808913] [<c028a13c>] jfs_fill_super+0x11c/0x2a0 [ 851.808994] [<c016948c>] get_sb_bdev+0xec/0x140 [ 851.809077] [<c0289c21>] jfs_get_sb+0x21/0x40 [ 851.809155] [<c0168f64>] vfs_kern_mount+0xc4/0x140 [ 851.809232] [<c0169029>] do_kern_mount+0x29/0x60 [ 851.809306] [<c017e76b>] do_mount+0x2ab/0x6e0 [ 851.809385] [<c017ec0d>] sys_mount+0x6d/0xc0 [ 851.809460] [<c0102fd0>] syscall_call+0x7/0xb [ 851.809536] ======================= [ 851.809579] Code: c2 0f 85 20 fe ff ff c7 44 24 0c b5 ec 4f c0 c7 44 24 08 f8 02 00 00 c7 44 24 04 cd ec 4f c0 c7 04 24 94 ec 4f c0 e8 a6 c3 e8 ff <0f> 0b eb fe 89 f6 8b 7d bc f6 47 10 02 0f 84 33 01 00 00 8b 45 [ 851.811210] EIP: [<c028e57a>] xtSearch+0x2fa/0x6a0 SS:ESP 0068:cc826ab8 [ 851.811572] On a damaged filesystem we might have a full stack and should not progress further, and return instead of calling BUG() Signed-off-by: Eric Sesterhenn --- linux-2.6.19/fs/jfs/jfs_xtree.c.orig 2006-12-18 14:37:07.000000000 +0100 +++ linux-2.6.19/fs/jfs/jfs_xtree.c 2006-12-18 14:37:55.000000000 +0100 @@ -757,6 +757,8 @@ static int xtSearch(struct inode *ip, s6 nsplit = 0; /* push (bn, index) of the parent page/entry */ + if (BT_STACK_FULL(btstack)) + return -EINVAL; BT_PUSH(btstack, bn, index); /* get the child page block number */ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists