lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 19 Jan 2012 01:39:21 +0530
From:	Rabin Vincent <rabin@....in>
To:	Wu Fengguang <fengguang.wu@...el.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Crash in writeback:single_inode tracepoint after card removal

On Tue, Jan 17, 2012 at 09:02, Wu Fengguang <fengguang.wu@...el.com> wrote:
> On Sun, Jan 15, 2012 at 08:58:06PM +0530, Rabin Vincent wrote:
>>  Unable to handle kernel NULL pointer dereference at virtual address 0000002c
>>  pgd = c0004000
>>  [0000002c] *pgd=00000000
>>  Internal error: Oops: 17 [#1] PREEMPT SMP
>>  PC is at ftrace_raw_event_writeback_single_inode_template+0x60/0xe4
>>  LR is at ftrace_raw_event_writeback_single_inode_template+0x50/0xe4
>>
>> The full trace+log is attached.  My kernel (current linus) has a delay
>> inserted in __mark_inode_dirty, to easily trigger the condition:
>
> Rabin, thanks for showing the helpful details! It should be fixable by
> the use of inode_to_bdi():

Thanks, this fixes that one.

However, I've found one more race condition leading to a crash when
tracing is enabled, this time from the writeback:queue trace point from
bdi_queue_work().  The cause is the same, i.e.  bdi->dev is NULL.  This
was produced with the help of the following delay patch.  trace+log is
attached.

diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index 424a655..fe9f8f2 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -106,9 +106,21 @@ static void bdi_wakeup_flusher(struct
backing_dev_info *bdi)
 	}
 }

+#include <linux/delay.h>
+
 static void bdi_queue_work(struct backing_dev_info *bdi,
 			   struct wb_writeback_work *work)
 {
+	if (!strcmp(current->comm, "sync") && work->sb) {
+		trace_printk("waiting 6s\n");
+		printk("%s: waiting 6s, pull out card\n", __func__);
+
+		msleep(6000);
+
+		trace_printk("done waiting\n");
+		printk("%s: done waiting\n", __func__);
+	}
+
 	trace_writeback_queue(bdi, work);

 	spin_lock_bh(&bdi->wb_lock);

Download attachment "log.gz" of type "application/x-gzip" (20201 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ