lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 30 Jul 2007 16:38:48 -0700
From:	Zach Brown <zach.brown@...cle.com>
To:	Badari Pulavarty <pbadari@...ibm.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Joe Jin <joe.jin@...cle.com>,
	gurudas pai <gurudas.pai@...cle.com>,
	torvalds@...ux-foundation.org, jens.axboe@...cle.com,
	lkml <linux-kernel@...r.kernel.org>, wen.gang.wang@...cle.com
Subject: Re: [PATCH] add check do_direct_IO() return val


On Jul 30, 2007, at 2:58 PM, Badari Pulavarty wrote:

> On Mon, 2007-07-30 at 14:45 -0700, Zach Brown wrote:
>>> I am also taking a look at it right now.
>>
>> Are we having a race to write a little test app that reproduces the
>> problem? :)
>
> Nope. Feel free to write the test case.

Well, I'm having a heck of a time getting this to fail.  It looks  
possible, though.  Joe, were you guys able to narrow it down to a  
reproducible test case?  Do you have any oops output messages from  
the crashes?

It looks like it takes a very particular set of circumstances to  
actually crash after relying on an uninitialized map_bh.  (see the  
blkfactor, buffer_new(), and this_chunk_blocks tests in dio_zero_block 
()).

> I am just looking at the code
> to see what needs to be done.

It looks like the unconditional dio_cleanup() and dio_zero_block()  
calls outside the nseg loop are relying on state which might not have  
been built up.  _zero_block() tests map_bh's flags without them being  
set.  _cleanup could, in some crazy world, get confused if we managed  
to get here with a 0 nr_segs because dio->head and ->tail wouldn't be  
initialized.

So we could initialize some more fields at the start of  
direct_io_worker for the benefit of these cleanup calls.  Or we could  
conditionally call them based on some other indicator of progress.   
Neither really thrills me.

And I don't have a test case to verify changes with.  Meh.

How do you feel about initializing the dio with kzalloc() and only  
initializing the fields that we rely on being non-zero, and  
commenting the hell out of it?

- z
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ