lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1336079020.7467.0.camel@localhost>
Date:	Thu, 03 May 2012 23:03:40 +0200
From:	Jana Saout <jana@...ut.de>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	Al Viro <viro@...iv.linux.org.uk>,
	Nick Piggin <npiggin@...il.com>,
	Joel Becker <jlbec@...lplan.org>, linux-kernel@...r.kernel.org
Subject: Re: Oops with DCACHE_WORD_ACCESS and ocfs2, autofs4

Hi again,

sorry for the addendum: This was actually the first patch - my mistake -
copied the new kernel into the wrong place... don't know if this makes a
difference.  Running the latest patch now, just to make sure.

	Jana


> > Jana - never mind that patch. It will avoid the page fault, but try to
> > use the wrong (truncated) name due to the extraneous left-shift of the
> > loaded value.
> > 
> > So use the attached one instead. It just removes the extra shift that
> > Peter noticed, and also allows the use of the word-at-a-time code with
> > DEBUG_PAGEALLOC so that I can test it myself too.
> 
> Ok, I have been running with that patch for slightly over an hour and
> didn't get that oops anymore.
> 
> Instead, now I got an oops on __d_lookup (fs/dcache.c line 155) (kernel
> log excerpt below):
> 
> > #ifdef CONFIG_DCACHE_WORD_ACCESS
> >         unsigned long a,b,mask;
> > 
> >         if (unlikely(scount != tcount))
> >                 return 1;
> > 
> >         for (;;) {
> >                 a = *(unsigned long *)cs;
> >     ->          b = *(unsigned long *)ct;  
> >                 if (tcount < sizeof(unsigned long))
> >                         break;
> 
> Similar issue, ct is pointing at 0xffff880115a59ffb
> 
> 	Jana
> 
> 
> BUG: unable to handle kernel paging request at ffff880115a5a000
> IP: [<ffffffff81146850>] __d_lookup+0xe0/0x170
> PGD 180c067 PUD bf3f4067 PMD bf4a2067 PTE 0
> Oops: 0000 [#1] PREEMPT SMP 
> CPU 0 
> Modules linked in: nfs lockd auth_rpcgss nfs_acl sunrpc autofs4 ocfs2
> jbd2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager
> ocfs2_stackglue configfs
> 
> Pid: 10310, comm: apache2 Not tainted 3.4.0-js1-test #1  
> RIP: e030:[<ffffffff81146850>]  [<ffffffff81146850>] __d_lookup
> +0xe0/0x170
> RSP: e02b:ffff880095cc9bf8  EFLAGS: 00010293
> RAX: 0000000000006461 RBX: ffff88009d3ef248 RCX: 0000000000000002
> RDX: 0000000000000006 RSI: 0000000000000000 RDI: ffff88009d3ef29c
> RBP: 0000000000007374 R08: 0000000000000002 R09: ffff88009d3ef278
> R10: ffff88009d3ef240 R11: 0000000000000000 R12: ffff88009d3ef29c
> R13: ffff880065148e40 R14: ffff880115a59ffb R15: ffff880095cc9e78
> FS:  00007fcb26ffe6d0(0000) GS:ffff8800bff0c000(0000)
> knlGS:0000000000000000
> CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: ffff880115a5a000 CR3: 0000000095cc2000 CR4: 0000000000000660
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process apache2 (pid: 10310, threadinfo ffff880095cc8000, task
> ffff8800b3de1800)
> Stack:
>  ffffffff814268da 000000000000e030 0000000000010257 0000000000000002
>  000000000000e02b ffff880095cc9d10 ffff880095cc9d40 ffff880095cc9e68
>  0000000000000001 0000000000000000 ffff8800b3de1800 ffffffff8113c135
> Call Trace:
>  [<ffffffff814268da>] ? bad_gs+0xa34/0x197a
>  [<ffffffff8113c135>] ? do_lookup+0x165/0x340
>  [<ffffffff8113c7ba>] ? link_path_walk+0x4aa/0x890
>  [<ffffffff81036c52>] ? pvclock_clocksource_read+0x52/0xf0
>  [<ffffffff8113cd02>] ? path_lookupat+0x52/0x740
>  [<ffffffff8104bad1>] ? sys_gettimeofday+0x31/0x80
>  [<ffffffff8101a2eb>] ? emulate_vsyscall+0x31b/0x350
>  [<ffffffff8113d41c>] ? do_path_lookup+0x2c/0xc0
>  [<ffffffff8113aa2d>] ? getname_flags+0xed/0x260
>  [<ffffffff8113ebde>] ? user_path_at_empty+0x5e/0xb0
>  [<ffffffff8104c912>] ? local_bh_enable_ip+0x22/0xb0
>  [<ffffffff81325eeb>] ? sock_setsockopt+0x8b/0x870
>  [<ffffffff8112e981>] ? sys_faccessat+0xa1/0x1c0
>  [<ffffffff814241f9>] ? system_call_fastpath+0x16/0x1b
> Code: 8d 53 f8 44 8b 43 1c 4c 8b 4b 20 75 4e 48 8b 4c 24 18 4d 63 c0 4c
> 39 c1 75 b0 31 f6 0f 1f 80 00 00 00 00 48 83 f9 07 49 8b 04 31 <49> 8b
> 14 36 76 5a 48 39 d0 75 94 48 83 c6 08 48 83 e9 08 75 e3 
> RIP  [<ffffffff81146850>] __d_lookup+0xe0/0x170
>  RSP <ffff880095cc9bf8>
> CR2: ffff880115a5a000
> ---[ end trace b53471b6e52caa9d ]---
> 
> (followed by note: apache2[10310] exited with preempt_count 1
> BUG: scheduling while atomic: apache2/10310/0x10000002)
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ