lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200904161802.21302.bzolnier@gmail.com>
Date:	Thu, 16 Apr 2009 18:02:21 +0200
From:	Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
To:	Theodore Tso <tytso@....edu>
Cc:	Andrew Price <andy@...rewprice.me.uk>,
	"Rafael J. Wysocki" <rjw@...k.pl>, linux-kernel@...r.kernel.org
Subject: Re: BUG: using rootfstype=ext4 causes oops

On Thursday 16 April 2009 16:53:57 Theodore Tso wrote:
> On Thu, Apr 16, 2009 at 11:47:58AM +0100, Andrew Price wrote:
> > On Thu, Apr 16, 2009 at 12:19:45AM -0400, Theodore Tso wrote:
> > > The stack traces are in the IDE interrupt
> > > handler, so it seems surprising that ext4 would trigger it but ext3
> > > would not.  Have you tried ext4 on any earlier kernel?
> > 
> > It happened with linux-2.6.git kernels earlier in the week when I
> > started trying rootfstype=ext4 but I haven't tried properly bisecting it
> > yet.
> > 
> > > The main difference I can think of is that ext4 enables barriers by
> > > default; maybe that's the case of the IDE breakage?  Can you try
> > > booting with the boot command option "rootfsflags=barrier=0" as well
> > > as "rootfstype=ext4", and see if that helps?
> > 
> > I added rootflags=barrier=0 ...
> > 
> > ... and it doesn't panic.
> > 
> > > If so, it's a bug in the IDE code in that it's not handling barriers
> > > correctly.
> > 
> > Bingo.

Freeing non-slab objects is bad.

Andrew, does this patch help?

---
 drivers/ide/ide-io.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

Index: b/drivers/ide/ide-io.c
===================================================================
--- a/drivers/ide/ide-io.c
+++ b/drivers/ide/ide-io.c
@@ -102,11 +102,14 @@ void ide_complete_cmd(ide_drive_t *drive
 			drive->dev_flags |= IDE_DFLAG_PARKED;
 	}
 
-	if (rq && rq->cmd_type == REQ_TYPE_ATA_TASKFILE)
-		memcpy(rq->special, cmd, sizeof(*cmd));
+	if (rq && rq->cmd_type == REQ_TYPE_ATA_TASKFILE) {
+		struct ide_cmd *orig_cmd = rq->special;
 
-	if (cmd->tf_flags & IDE_TFLAG_DYN)
-		kfree(cmd);
+		if (cmd->tf_flags & IDE_TFLAG_DYN)
+			kfree(orig_cmd);
+		else
+			memcpy(orig_cmd, cmd, sizeof(*cmd));
+	}
 }
 
 /* obsolete, blk_rq_bytes() should be used instead */

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ