lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 26 Aug 2014 17:47:52 +0300
From:	Alexey Dobriyan <adobriyan@...il.com>
To:	Jens Axboe <axboe@...com>
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: /proc/diskstats buglet

Found and reproduced some time ago, almost forgot about :-)

In part_round_stats_single(), ->stamp field is written but without
locking SMP-wise.

    part->stamp = now;

So, if two processes read /proc/diskstats, it is possible for "now -
part->stamp" value to become negative.

And indeed this can happen:

now 4294755500, ->stamp 4294755501
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1950 at block/blk-core.c:1229
part_round_stats_single+0xc0/0xd0()
 ...
 [<ffffffff811963f0>] part_round_stats_single+0xc0/0xd0
 [<ffffffff81196447>] part_round_stats+0x47/0x70
 [<ffffffff811a069d>] diskstats_show+0x8d/0x4b0
 ...

Dunno how important used fields in /proc/diskstats but they can be
clearly bogus.

    Alexey
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ