lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <55AF2B4F.7050609@oracle.com>
Date:	Wed, 22 Jul 2015 13:34:07 +0800
From:	Bob Liu <bob.liu@...cle.com>
To:	Roger Pau Monné <roger.pau@...rix.com>
CC:	xen-devel@...ts.xenproject.org, david.vrabel@...rix.com,
	linux-kernel@...r.kernel.org, konrad.wilk@...cle.com
Subject: Re: [PATCH 2/3] xen-blkfront: rm BUG_ON(info->feature_persistent)
 in blkif_free



On 07/22/2015 12:43 PM, Bob Liu wrote:
> 
> On 07/21/2015 05:25 PM, Roger Pau Monné wrote:
>> El 21/07/15 a les 5.30, Bob Liu ha escrit:
>>> This BUG_ON() in blkif_free() is incorrect, because indirect page can be added
>>> to list info->indirect_pages in blkif_completion() no matter feature_persistent
>>> is true or false.
>>>
>>> Signed-off-by: Bob Liu <bob.liu@...cle.com>
>>
>> Acked-by: Roger Pau Monné <roger.pau@...rix.com>
>>
>> This was probably an oversight from when blkif_completion was changed to
>> check for gnttab_query_foreign_access. It should be backported to stable
>> trees.
>>
> 
> Sorry, this patch is buggy and I haven't figure out why.
> 
> general protection fault: 0000 [#1] SMP 
> Modules linked in:
> CPU: 0 PID: 39 Comm: xenwatch Tainted: G        W       4.1.0-rc3-00003-g718cf80-dirty #67
> Hardware name: Xen HVM domU, BIOS 4.5.0-rc 11/23/2014
> task: ffff880283f4eca0 ti: ffff880283fb4000 task.ti: ffff880283fb4000
> RIP: 0010:[<ffffffff813d577b>]  [<ffffffff813d577b>] blkif_free+0x162/0x5a9
> RSP: 0018:ffff880283fb7c48  EFLAGS: 00010087
> RAX: dead000000200200 RBX: ffff880141400000 RCX: 0000000000000000
> RDX: dead000000100100 RSI: dead000000100100 RDI: ffff88028f418bb8
> RBP: ffff880283fb7ca8 R08: dead000000200200 R09: 0000000000000001
> R10: 0000000000000001 R11: 0000000000000000 R12: ffff8801414481c8
> R13: dead0000001000e0 R14: ffff8801414481b8 R15: ffffea0000000000
> FS:  0000000000000000(0000) GS:ffff88028f400000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000001582e08 CR3: 000000013345b000 CR4: 00000000001406f0
> Stack:
>  ffff880023aa8420 0000000000000286 ffff880283fb7cb7 ffff880023aa8420
>  ffff8800363fe240 ffffffff81862c50 ffff880283fb7ce8 ffff880023aa8440
>  ffffffff81870000 ffff880023aa8400 ffff880141400000 ffff880141400008
> Call Trace:
>  [<ffffffff813d8e76>] blkfront_remove+0x4c/0xff
>  [<ffffffff813772fa>] xenbus_dev_remove+0x76/0xb0
>  [<ffffffff813bd611>] __device_release_driver+0x84/0xf8
>  [<ffffffff813bd6a3>] device_release_driver+0x1e/0x2b
>  [<ffffffff813bd1ef>] bus_remove_device+0x12c/0x141
>  [<ffffffff813ba51d>] device_del+0x161/0x1e5
>  [<ffffffff81375ef3>] ? xenbus_thread+0x239/0x239
>  [<ffffffff813ba5e4>] device_unregister+0x43/0x4f
>  [<ffffffff81377853>] xenbus_dev_changed+0x82/0x17f
>  [<ffffffff81377566>] ? xenbus_otherend_changed+0xf0/0xff
>  [<ffffffff81378d8d>] frontend_changed+0x43/0x48
>  [<ffffffff81375fec>] xenwatch_thread+0xf9/0x127
>  [<ffffffff81078fc4>] ? add_wait_queue+0x44/0x44
>  [<ffffffff8106195b>] kthread+0xcd/0xd5
>  [<ffffffff81060000>] ? alloc_pid+0xe8/0x492
>  [<ffffffff8106188e>] ? kthread_freezable_should_stop+0x48/0x48
>  [<ffffffff81533ee2>] ret_from_fork+0x42/0x70
>  [<ffffffff8106188e>] ? kthread_freezable_should_stop+0x48/0x48
> Code: 04 00 4c 8b 28 48 8d 78 e0 49 83 ed 20 eb 3d 48 8b 47 28 48 8b 57 20 48 be 00 01 10 00 00 00 ad de 49 b8 00 02 20 00 00 00 ad de <48> 89 42 08 48 89 10 48 89 77 20 4c 89 47 28 31 f6 e8 26 7d cf 
> RIP  [<ffffffff813d577b>] blkif_free+0x162/0x5a9
>  RSP <ffff880283fb7c48>
> ---[ end trace 5321d7f1ef8414d0 ]---
> 

The right fix should be:

--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -1124,8 +1124,10 @@ static void blkif_completion(struct blk_shadow *s, struct blkfront_info *info,
                                 * Add the used indirect page back to the list of
                                 * available pages for indirect grefs.
                                 */
-                               indirect_page = pfn_to_page(s->indirect_grants[i]->pfn);
-                               list_add(&indirect_page->lru, &info->indirect_pages);
+                               if (!info->feature_persistent) {
+                                       indirect_page = pfn_to_page(s->indirect_grants[i]->pfn);
+                                       list_add(&indirect_page->lru, &info->indirect_pages);
+                               }
                                s->indirect_grants[i]->gref = GRANT_INVALID_REF;
                                list_add_tail(&s->indirect_grants[i]->node, &info->grants);
                        }
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ