lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090224161406.GA13313@atrey.karlin.mff.cuni.cz>
Date:	Tue, 24 Feb 2009 17:14:06 +0100
From:	Jan Kara <jack@...e.cz>
To:	"Sachin P. Sant" <sachinp@...ibm.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	linux-ext4@...r.kernel.org, Mel Gorman <mel@....ul.ie>,
	linuxppc-dev@...abs.org
Subject: Re: Crash (ext3 ) during 2.6.29-rc6 boot

> Andrew Morton wrote:
> >hm, I wonder what could have caused that - we haven't altered
> >fs/ext3/xattr.c in ages.
> >
> >What is the most recent kernel version you know of which didn't do
> >this?  Bear in mind that this crash might be triggered by the
> >current contents of the filesystem, so if possible, please test
> >some other kernel versions on that disk.
> >  
> I am trying to boot a vanilla kernel on this machine for the first
> time. Haven't tried any other kernels. Will give it a try.
> 
> >It looks like we died in ext3_xattr_block_get():
> >
> >		memcpy(buffer, bh->b_data + le16_to_cpu(entry->e_value_offs),
> >		       size);
> >
> >Perhaps entry->e_value_offs is no good.  I wonder if the filesystem is
> >corrupted and this snuck through the defenses.
> >
> >I also wonder if there is enough info in that trace for a ppc person to
> >be able to determine whether the faulting address is in the source or
> >destination of the memcpy() (please)?
> >  
> Some more information if this could be of any help.
> 
> 0:mon> di 0xc000000000039574
> c000000000039574  e9240008      ld      r9,8(r4)
> c000000000039578  409d0010      ble     cr7,c000000000039588    # 
> .memcpy+0x88/0x244
> c00000000003957c  79290002      rotldi  r9,r9,32
> c000000000039580  91230000      stw     r9,0(r3)
> c000000000039584  38630004      addi    r3,r3,4
> c000000000039588  409e0010      bne     cr7,c000000000039598    # 
> .memcpy+0x98/0x244
> c00000000003958c  79298000      rotldi  r9,r9,16
> c000000000039590  b1230000      sth     r9,0(r3)
> c000000000039594  38630002      addi    r3,r3,2
> c000000000039598  409f000c      bns     cr7,c0000000000395a4    # 
> .memcpy+0xa4/0x244
> c00000000003959c  79294000      rotldi  r9,r9,8
> c0000000000395a0  99230000      stb     r9,0(r3)
> c0000000000395a4  e8610030      ld      r3,48(r1)
> c0000000000395a8  4e800020      blr
> c0000000000395ac  78a6e8c2      rldicl  r6,r5,61,3
> c0000000000395b0  38a5fff0      addi    r5,r5,-16
> 0:mon> r
> R00 = 000000000000e40f   R16 = 00000000100edbc8
> R01 = c00000003e59b3e0   R17 = 00000000100b0000
> R02 = c0000000009c2110   R18 = 0000000000000005
> R03 = c000000044bc90e0   R19 = 00000000fff0d7a8
> R04 = c000000039cffff4   R20 = 00000000fff0d708
> R05 = 0000000000000003   R21 = 00000000000000ff
> R06 = 0000000000000000   R22 = 0000000000000006
> R07 = 0000000000000001   R23 = c00000000079ab49
> R08 = 723a7573725f743a   R24 = c0000000372fe2a8
> R09 = 3a6f626a6563745f   R25 = c000000044bc90c8
> R10 = c00000003b250968   R26 = c0000000372fe240
> R11 = c000000000039500   R27 = c0000000372fe3b0
> R12 = d00000000244c590   R28 = c0000000372c5280
> R13 = c000000000a53480   R29 = 000000000000001b
> R14 = 00000000100d0000   R30 = d0000000024654d0
> R15 = 0000000000000000   R31 = ffffffffffffffde
> pc  = c000000000039574 .memcpy+0x74/0x244
> lr  = d00000000244916c .ext3_xattr_get+0x288/0x2f4 [ext3]
> msr = 8000000000009032   cr  = 4400844b
> ctr = 0000000000000000   xer = 0000000000000001   trap =  300
> dar = c000000039d00000   dsisr = 40000000
> 0:mon>
  Yes, this makes me even more suspitious that memcpy() on powerpc could
be at fault. The instruction (ld r9,8(r4)) is loading last 8 bytes to copy,
but in fact it should load only 3 bytes in our case because remaining 5
bytes are not in the range we specified and thus larger load can cause
page fault...

								Honza
-- 
Jan Kara <jack@...e.cz>
SuSE CR Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ