Message-ID: <20130910184324.GY13318@ZenIV.linux.org.uk>
Date:	Tue, 10 Sep 2013 19:43:24 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Josh Boyer <jwboyer@...il.com>, Waiman Long <Waiman.Long@...com>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>,
	moneta.mace@...il.com
Subject: Re: kernel BUG at fs/dcache.c:648! with v3.11-7890-ge5c832d

On Tue, Sep 10, 2013 at 11:25:44AM -0700, Linus Torvalds wrote:
>                 nd->flags &= ~LOOKUP_RCU;
>                 if (!(nd->flags & LOOKUP_ROOT))
>                         nd->root.mnt = NULL;
>                 unlock_rcu_walk();
> 
> and my unlazy_walk() essentially terminated the walk _without_
> clearing that nd->root.mnt thing (it did clear the LOOKUP_RCU bit and
> unlock_rcu_walk()). So then later, we'd end up doing an extra
> path_put(). Explaining a zero d_lockref.count.
> 
> The whole damn root.mnt behavior with !LOOKUP_ROOT is a mystery and
> needs more comments. But the attached trivial patch should do the
> missing portion of terminate_walk().
>
> Al, can you walk us through the rules for what "root.mnt == NULL"
> really means? It's basically used as a flag for whether we've gotten
> the root pointer or not. But it's pretty damn esoteric.

LOOKUP_ROOT: the caller has set nd->root and we shouldn't touch that
at all.

!LOOKUP_ROOT: we set nd->root the first time we need / (in the very
beginning if it's an absolute pathname, on the first absolute symlink
otherwise).  In non-RCU mode we hold a reference to it; in RCU mode
we do not.  As a result, leaving RCU mode should either grab
a reference to the damn thing (if we intend to go on) or zero it out.
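
The reference rule described above, as an added toy model in C; it is not kernel code and not part of the original message. The flag values, the struct layouts and the helpers `set_root`, `leave_rcu`, `finish_lookup` and `simulate` are hypothetical simplifications, used to show that leaving RCU mode without either grabbing a reference or zeroing the root pointer ends in one put too many.

```c
#include <stdio.h>
/* Toy user-space model: flag values and structs are constructed, not the kernel's. */
#define LOOKUP_RCU  0x1u
#define LOOKUP_ROOT 0x2u
struct mount { int count; };   /* stands in for the root's reference count */
struct nameidata { unsigned flags; struct mount *root_mnt; };

/* First time "/" is needed: ref-walk pins it, RCU mode only borrows the pointer. */
static void set_root(struct nameidata *nd, struct mount *fs_root)
{
    nd->root_mnt = fs_root;
    if (!(nd->flags & LOOKUP_RCU))
        fs_root->count++;
}
/* Leaving RCU mode. buggy != 0 models dropping the flag without fixing up root. */
static void leave_rcu(struct nameidata *nd, int keep_going, int buggy)
{
    nd->flags &= ~LOOKUP_RCU;
    if (buggy || (nd->flags & LOOKUP_ROOT))
        return;                    /* LOOKUP_ROOT: caller owns root, hands off */
    if (keep_going)
        nd->root_mnt->count++;     /* going on in ref-walk: grab a reference */
    else
        nd->root_mnt = NULL;       /* terminating: zero it out */
}
/* End of a non-RCU lookup: drop the reference ref-walk is assumed to hold. */
static void finish_lookup(struct nameidata *nd)
{
    if (nd->root_mnt && !(nd->flags & LOOKUP_ROOT)) {
        nd->root_mnt->count--;
        nd->root_mnt = NULL;
    }
}
/* One lookup that starts in RCU mode; returns the root's final count (1 = balanced). */
static int simulate(unsigned extra, int keep_going, int buggy)
{
    struct mount fs_root = { 1 };  /* constructed baseline reference */
    struct nameidata nd = { LOOKUP_RCU | extra, NULL };
    set_root(&nd, &fs_root);
    leave_rcu(&nd, keep_going, buggy);
    finish_lookup(&nd);
    return fs_root.count;
}
int main(void)
{
    printf("zeroed=%d grabbed=%d root_flag=%d buggy=%d\n", simulate(0, 0, 0),
           simulate(0, 1, 0), simulate(LOOKUP_ROOT, 0, 0), simulate(0, 0, 1));
    return 0;
}
```

Only the buggy exit leaves the count below its baseline; the other three paths stay balanced.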