Message-Id: <201107041659.32707.richard@nod.at>
Date:	Mon, 4 Jul 2011 16:59:32 +0200
From:	Richard Weinberger <richard@....at>
To:	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:	viro@...iv.linux.org.uk, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH][Resend v2] Fix infinite loop in search_binary_handler()

On Monday 04 July 2011, 16:42:09, Tetsuo Handa wrote:
> Richard Weinberger wrote:
> > > That's strange... Would you show us printk() output like
> > > 
> > > 	printk(KERN_INFO "Calling request_module()\n");
> > > 	request_module("binfmt-%04x", *(unsigned short *)(&bprm->buf[2]));
> > > 	printk(KERN_INFO "Returned from request_module()\n");
> > > 
> > > for demonstrating that __request_module() cannot stop at
> > > MAX_KMOD_CONCURRENT levels of nesting?
> > 
> > There you go!
> > http://userweb.kernel.org/~rw/boot.log
> > 
> > I did not count all messages, but they are more than 50. :-)
> 
> Thank you.
> 
> $ grep -F 'Calling request_module()' boot.log | wc -l
> 25819
> $ grep -F 'Returned from request_module()' boot.log | wc -l
> 25770

Ahh, the delta is 49. Got it!

> So, __request_module() is stopping at MAX_KMOD_CONCURRENT levels
> of nesting. Eventually the process that triggered the first
> request_module() will return from search_binary_handler().
> I don't think this is an infinite loop inside search_binary_handler().
> 
> But it would look like an infinite loop bug if the caller of execve()
> repeats forever. Printing additional information like
> 
>   printk(KERN_INFO "Calling request_module() %s %d %s %d %d\n",
> current->comm, current->pid, bprm->filename, bprm->argc, bprm->envc);
> 
> would help.

Here is the second boot log:
http://userweb.kernel.org/~rw/boot2.log

The interesting part is:
---cut---
VFS: Mounted root (ext2 filesystem) readonly on device 98:0.
Calling request_module() swapper 1 /sbin/init 1 3
Calling request_module() kworker/u:0 211 /sbin/modprobe 4 3
...
Calling request_module() kworker/u:0 8741 /sbin/modprobe 4 3
---cut---

After the last "Calling request_module..." message no more messages appear and
the kernel seems to loop forever.

Maybe it takes just very long until all calls to /sbin/modprobe terminate?

Thanks,
//richard
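
The grep/wc counting used in this thread, extended to track the running number of outstanding request_module() calls and which task and binary made them. This is an added example, not part of the original message; it assumes the two printk() formats quoted above, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Matches both printk() formats from the thread: the bare message and the
# extended one (comm, pid, filename, argc, envc). Assumes comm has no spaces.
CALL = re.compile(
    r"Calling request_module\(\)(?: (\S+) (\d+) (\S+) (\d+) (\d+))?")
RET = re.compile(r"Returned from request_module\(\)")


def analyze(lines):
    """Return call/return counts, outstanding and peak nesting, and callers."""
    calls = returns = depth = peak = 0
    callers = Counter()
    for line in lines:
        m = CALL.search(line)  # search() tolerates printk timestamp prefixes
        if m:
            calls += 1
            depth += 1
            peak = max(peak, depth)
            if m.group(1):  # extended format: record (comm, filename)
                callers[(m.group(1), m.group(3))] += 1
        elif RET.search(line):
            returns += 1
            depth -= 1
    return {"calls": calls, "returns": returns,
            "outstanding": depth, "peak": peak, "callers": callers}


# Constructed sample input, not taken from boot.log or boot2.log.
SAMPLE = """\
Calling request_module() swapper 1 /sbin/init 1 3
Calling request_module() kworker/u:0 211 /sbin/modprobe 4 3
Calling request_module() kworker/u:0 212 /sbin/modprobe 4 3
Returned from request_module()
Calling request_module() kworker/u:0 213 /sbin/modprobe 4 3
Returned from request_module()
""".splitlines()

if __name__ == "__main__":
    result = analyze(SAMPLE)
    print("calls=%(calls)d returns=%(returns)d "
          "outstanding=%(outstanding)d peak=%(peak)d" % result)
    for (comm, filename), n in result["callers"].most_common():
        print("%6d  %s -> %s" % (n, comm, filename))
```

The "outstanding" value is the same delta obtained by subtracting the two grep counts; "peak" shows how deep the nesting got at any point in the log.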