lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 13 Jan 2012 07:39:25 -0800
From:	Paul Taysom <taysom@...gle.com>
To:	Josh Boyer <jwboyer@...il.com>
Cc:	Paul Taysom <taysom@...omium.org>,
	Mandeep Baines <msb@...omium.org>,
	Olof Johansson <olofj@...omium.org>, Greg KH <greg@...ah.com>,
	Jens Axboe <axboe@...nel.dk>, Theodore Tso <tytso@...gle.com>,
	Andrew Morton <akpm@...gle.com>, linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Alexander Viro <viro@...iv.linux.org.uk>,
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] fs: Fix mod_timer crash when removing USB sticks

On Thu, Jan 12, 2012 at 9:42 PM, Josh Boyer <jwboyer@...il.com> wrote:
> On Thu, Jan 12, 2012 at 4:15 PM, Paul Taysom <taysom@...omium.org> wrote:
>> From: Paul Taysom <taysom@...gle.com>
>>
>> A USB stick with a ext file system on it, would occasionally crash
>> when the stick was pulled.
>>
>> The problem was a timer was being set on the Backing Device Interface,
>> bdi, after the USB device had been removed and the bdi had been
>> unregistered. The bdi would then be later reinitialized by zeroing
>> the timer without removing from the timer from the timer queue.
>> This would eventually result in a kernel crash (NULL ptr dereference).
>
> What backtrace did you see when it crashed?  There have been a number of
> reports where sd_revalidate_disk is at the top of the backtrace and this sounds
> like it might be related.
>
> josh

I had several different crash traces some can be seen in
http://crosbug.com/24165

The reason that there are different crash traces is that the code path
to crash would just be the victim of the memory corruption caused
earlier. However, most of them had to do with setting or clearing
timers. There are additional problems related to lost I/O requests
that I'm still looking at.
-Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ