lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 10 May 2007 14:33:51 +0400
From:	Alexey Dobriyan <adobriyan@...ru>
To:	Jeremy Fitzhardinge <jeremy@...p.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Ken Chen <kenchen@...gle.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	linux-kernel@...r.kernel.org, Kay Sievers <kay.sievers@...y.org>
Subject: Re: 2.6.21-git11: BUG in loop.ko

On Thu, May 10, 2007 at 11:39:49AM +0400, Alexey Dobriyan wrote:
> On Wed, May 09, 2007 at 05:20:59PM -0700, Jeremy Fitzhardinge wrote:
> > 100% reliable, but a bit obscure.  I'm booting an FC6 livecd with a
> > paravirt_ops kernel under Xen.  The relevant part of the iso's initrd
> > script is:
> >
> > + mknod /dev/loop118 b 7 118
> > + mknod /dev/loop119 b 7 119
> > + mknod /dev/loop120 b 7 120
> > + mknod /dev/loop121 b 7 121
> > + mkdir -p /dev/mapper
> > + mknod /dev/mapper/control c 10 63
> > + modprobe loop max_loop=128
> > loop: the max_loop option is obsolete and will be removed in March 2008
> > loop: module loaded
> > + modprobe dm_snapshot
> > device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised: dm-devel@...hat.com
> > + '[' 0 == 1 ']'
> > + losetup /dev/loop120 /sysroot/squashfs.img
> > ------------[ cut here ]------------
> > kernel BUG at /home/jeremy/hg/xen/paravirt/linux/include/linux/module.h:396!
> > invalid opcode: 0000 [#1]
> > PREEMPT SMP
> > Modules linked in: dm_snapshot dm_mod loop
> > CPU:    0
> > EIP:    0061:[<d085a911>]    Not tainted VLI
> > EFLAGS: 00010246   (2.6.21-paravirt #1339)
> > [...]
>
> This must be caused by dynamic loop devices creation patch
>
> Steps to reproduce:
>
> 	mknod foo b 7 1
> 	losetup foo 1.img
>
> where "7 1" is major/minor pair which doesn't created by udev et al
> after module loading.

I don't understand what "+ 1" is doing in lo_open(). Off by one?
It's removal would certainly fix creation of random number of loop
devices after just "losetup -a".

Also refcount of loop module can be made negative via

	mknod foo b 7 42
	losetup -d foo		# sic

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ