lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 16 Nov 2010 16:54:17 +0000
From:	Prasad Joshi <prasadjoshi124@...il.com>
To:	Linux Kernel <linux-kernel@...r.kernel.org>, florian@...kler.org,
	Joern <joern@...fs.org>, logfs@...fs.org
Subject: [PATCH 1/1] LogFS: Kernel BUG at readwrite.c:1193

This happens when __logfs_create() tries to write a new inode to the
disk which is full.

__logfs_create() associates the transaction pointer with inode. During
the logfs_write_inode() function call chain this transaction pointer
is moved from inode to page->private using function move_inode_to_page
(do_write_inode() -> inode_to_page() -> move_inode_to_page)

When the write inode fails, the transaction is aborted and iput is
called on the failed inode. During delete_inode the same transaction
pointer associated with the page is getting used. Thus causing kernel
BUG.

The patch checks for error in write_inode() and restores the
page->private to NULL.


Signed-off-by: Prasad Joshi <prasadjoshi124@...il.com>
---
diff --git a/fs/logfs/readwrite.c b/fs/logfs/readwrite.c
index 6127baf..ee99a9f 100644
--- a/fs/logfs/readwrite.c
+++ b/fs/logfs/readwrite.c
@@ -1994,6 +1994,9 @@ static int do_write_inode(struct inode *inode)

        /* FIXME: transaction is part of logfs_block now.  Is that enough? */
        err = logfs_write_buf(master_inode, page, 0);
+       if (err)
+               move_page_to_inode(inode, page);
+
        logfs_put_write_page(page);
        return err;
 }



---------- Forwarded message ----------
From:  <bugzilla-daemon@...zilla.kernel.org>
Date: Tue, Nov 16, 2010 at 3:20 PM
Subject: [Bug 20162] [LogFS][2.6.36.rc7+] Kernel BUG at readwrite.c:1193
To: prasadjoshi124@...il.com


https://bugzilla.kernel.org/show_bug.cgi?id=20162


Florian Mickler <florian@...kler.org> changed:

          What    |Removed                     |Added
----------------------------------------------------------------------------
            Status|NEW                         |RESOLVED
                CC|                            |florian@...kler.org
        Resolution|                            |PATCH_ALREADY_AVAILABLE




--- Comment #2 from Florian Mickler <florian@...kler.org>  2010-11-16
15:20:46 ---
Can you submit that patch to lkml and cc the logfs maintainer and the logfs
list?
(Joern Engel <joern@...fs.org>, logfs@...fs.org, linux-kernel@...r.kernel.org)

See Documentation/SubmittingPatches

Patch: https://bugzilla.kernel.org/show_bug.cgi?id=20162#c1

--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ