Message-ID: <OFC774CB73.13FD05DE-ON4825800A.002DFA67-4825800A.002FE61E@zte.com.cn>
Date:	Tue, 9 Aug 2016 16:43:26 +0800
From:	wang.guang55@....com.cn
To:	tytso@....edu, adilger.kernel@...ger.ca
Cc:	linux-kernel@...r.kernel.org, cai.qu@....com.cn,
	ouyang.maochun@....com.cn, tan.hu@....com.cn,
	wen.yang99@....com.cn, tian.yongjiang@....com.cn
Subject: [PATCH] ext4: bugfix for mmaped pages in mpage_release_unused_pages()

ext4: bugfix for mmaped pages in mpage_release_unused_pages()

Pages clear their buffers after ext4 delayed block allocation has failed;
however, this does not clean the pte_dirty flag.
If the pages are then unmapped, then according to pte_dirty,
unmap_page_range may try to call __set_page_dirty,
which may lead to the bugon at mpage_prepare_extent_to_map: head = page_buffers(page);
This patch just calls clear_page_dirty_for_io to clean pte_dirty in
mpage_release_unused_pages for mmaped pages.

 
Steps to reproduce the bug:
(1) mmap a file in ext4
 addr = (char *)mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
 memset(addr, 'i', 4096);
(2) Return EIO at ext4_writepages->mpage_map_and_submit_extent->mpage_map_one_extent->ext4_map_blocks
 This causes the log:
                ext4_msg(sb, KERN_CRIT,
                                 "Delayed block allocation failed for "
                                 "inode %lu at logical offset %llu with"
                                 " max blocks %u with error %d",
                                 inode->i_ino,
                                 (unsigned long long)map->m_lblk,
                                 (unsigned)map->m_len, -err);

(3) Unmap the addr, which causes a warning at __set_page_dirty:
(4) Wait for a minute, then the bugon happens.

diff -uprN linux-3.10.102/fs/ext4/inode.c 
linux-3.10.102_new/fs/ext4/inode.c
--- linux-3.10.102/fs/ext4/inode.c      2016-08-09 04:06:59.000000000 
-0400
+++ linux-3.10.102_new/fs/ext4/inode.c  2016-08-09 04:09:26.000000000 
-0400
@@ -1465,6 +1465,10 @@ static void mpage_release_unused_pages(s
                        BUG_ON(!PageLocked(page));
                        BUG_ON(PageWriteback(page));
                        if (invalidate) {
+                               if (page_mapped(page)) 
+                                {
+                                 clear_page_dirty_for_io(page);
+                                }
                                block_invalidatepage(page, 0, 
PAGE_CACHE_SIZE);
                                ClearPageUptodate(page);
                        }
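
Review bot: in the added block under `if (invalidate)`, the braces around the single `clear_page_dirty_for_io(page);` statement, the opening brace on its own line, and the space-based indentation (with trailing whitespace after `if (page_mapped(page))`) do not follow kernel coding style; write it as an unbraced `if (page_mapped(page))` with the call on the next line, tab-indented. A one-line comment saying that the call is there to clean the dirty state of pages that are still mmaped before their buffers are invalidated would help, because its return value is discarded and it otherwise reads like a writeback step. The context line `block_invalidatepage(page, 0, PAGE_CACHE_SIZE);` and the `---`/`+++` header lines are wrapped across two lines, so the patch will not apply as sent, and the message carries no Signed-off-by line.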

王广
Operating System Product Dept.

Innovation * Breakthrough * Intensification
Add: Room xxx, ZTE Building, No. 800 Middle Section of Tianfu Avenue, High-tech Zone, Chengdu
Tel: 13678197402



 
