lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAAObsKAFcuz_LJTVhm36J7s-mft4c8RgP6KetXcs_r_Mtmm+ig@mail.gmail.com>
Date:	Thu, 14 Jan 2016 16:58:48 +0100
From:	Tomeu Vizoso <tomeu@...euvizoso.net>
To:	Al Viro <viro@...iv.linux.org.uk>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Neil Brown <neilb@...e.com>, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 06/11] don't put symlink bodies in pagecache into highmem

On 14 January 2016 at 16:25, Al Viro <viro@...iv.linux.org.uk> wrote:
> On Thu, Jan 14, 2016 at 02:22:51PM +0100, Tomeu Vizoso wrote:
>> On 9 December 2015 at 06:34, Al Viro <viro@...iv.linux.org.uk> wrote:
>> > From: Al Viro <viro@...iv.linux.org.uk>
>> >
>> > kmap() in page_follow_link_light() needed to go - allowing to hold
>> > an arbitrary number of kmaps for long is a great way to deadlocking
>> > the system.
>> >
>> > new helper (inode_nohighmem(inode)) needs to be used for pagecache
>> > symlinks inodes; done for all in-tree cases.  page_follow_link_light()
>> > instrumented to yell about anything missed.
>>
>> Hi, starting with with this change, I get this oops when installing
>> packages into a rootfs in NFS:
>
> Lovely...  So you somehow getting a highmem page out
>                 page = read_cache_page(&inode->i_data, 0,
>                                         (filler_t *)nfs_symlink_filler, inode);
>                 if (IS_ERR(page))
>                         return ERR_CAST(page);
> and that - after
>                         inode_nohighmem(inode);
> (otherwise you wouldn't get nfs_symlink_inode_operations on that inode).
>
> Could you add
>         printk(KERN_ERR "i_data = %p, i_mapping = %p, flags: %lx\n",
>                 &inode->i_data,
>                 inode->i_mapping,
>                 (unsigned long)inode->i_data.flags);
> right before the return from nfs_get_link() and see what it prints?

Here it is:

[  170.136956] i_data = ed9c1b04, i_mapping = ed9c1b04, flags: 24200c0
[  170.144567] i_data = ed9de784, i_mapping = ed9de784, flags: 24200c0
[  170.151457] i_data = ed9dec84, i_mapping = ed9dec84, flags: 24200c0
[  170.158358] i_data = ed9c3b84, i_mapping = ed9c3b84, flags: 24200c0
[  170.165253] i_data = ed9d4204, i_mapping = ed9d4204, flags: 24200c0
[  170.172131] i_data = ed9df184, i_mapping = ed9df184, flags: 24200c0
[  170.188804] i_data = eddbce84, i_mapping = eddbce84, flags: 24200c0
[  170.196158] i_data = ec904984, i_mapping = ec904984, flags: 24200c0
[  170.205133] i_data = ec906784, i_mapping = ec906784, flags: 24200c0
[  170.211406] Unable to handle kernel NULL pointer dereference at
virtual address 00000000
[  170.219490] pgd = ee7f0000
[  170.222197] [00000000] *pgd=7b85b835
[  170.225784] Internal error: Oops: 17 [#1] SMP ARM
[  170.230477] Modules linked in:
[  170.233537] CPU: 2 PID: 1 Comm: systemd Not tainted
4.4.0-next-20160114-00005-g6f86169c2250-dirty #3525
[  170.242910] Hardware name: Rockchip (Device Tree)
[  170.247604] task: ee078000 ti: ee062000 task.ti: ee062000
[  170.252996] PC is at strlen+0x0/0x2c
[  170.256565] LR is at readlink_copy+0x24/0x94
[  170.260826] pc : [<c049b138>]    lr : [<c0321160>]    psr: 00000013
[  170.260826] sp : ee063f38  ip : 00000000  fp : ec9066b0
[  170.272281] r10: 001a49f8  r9 : 00000063  r8 : ee063f74
[  170.277494] r7 : 001a4968  r6 : 001a49f8  r5 : 00000000  r4 : 00000063
[  170.284008] r3 : 0000012c  r2 : 00000000  r1 : 00000063  r0 : 00000000
[  170.290522] Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[  170.297642] Control: 10c5387d  Table: 2e7f006a  DAC: 00000051
[  170.303375] Process systemd (pid: 1, stack limit = 0xee062220)
[  170.309196] Stack: (0xee063f38 to 0xee064000)
[  170.313542] 3f20:
    001a49f8 00000063
[  170.321705] 3f40: ffffff9c 001a4968 ee063f74 c0321208 c0321250
eff6b920 ffffffea ffffffea
[  170.329868] 3f60: 00004000 c031c234 00000000 00000000 00000025
00000000 ee102b50 ec874990
[  170.338030] 3f80: 5697c41b 001a49f8 00000064 00000063 0000014c
c0210e84 ee062000 00000000
[  170.346193] 3fa0: 001a4968 c0210cc0 001a49f8 00000064 ffffff9c
001a4968 001a49f8 00000063
[  170.354355] 3fc0: 001a49f8 00000064 00000063 0000014c bec450b8
001c1094 001d0933 001a4968
[  170.362518] 3fe0: 0000014c bec45094 b6f2af7b b6eb88e6 20000030
ffffff9c ffffffff ffeffffe
[  170.370683] [<c049b138>] (strlen) from [<c0321160>] (readlink_copy+0x24/0x94)
[  170.377806] [<c0321160>] (readlink_copy) from [<c0321208>]
(generic_readlink+0x38/0x80)
[  170.385796] [<c0321208>] (generic_readlink) from [<c031c234>]
(SyS_readlinkat+0x98/0xe0)
[  170.393874] [<c031c234>] (SyS_readlinkat) from [<c0210cc0>]
(ret_fast_syscall+0x0/0x3c)
[  170.401863] Code: e7d23003 e3130020 1afffffb e12fff1e (e5d02000)
[  170.407965] ---[ end trace 87f95166dedbabb0 ]---

Full log at https://lava.collabora.co.uk/scheduler/job/127626/log_file

Regards,

Tomeu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ