Open Source and information security mailing list archives

Message-ID: <20161129084014.GA7024@quack2.suse.cz>
Date:   Tue, 29 Nov 2016 09:40:14 +0100
From:   Jan Kara <jack@...e.cz>
To:     Darren Austin <lists@...erdark.org.uk>
Cc:     linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
        Anna Schumaker <anna.schumaker@...app.com>,
        Trond Myklebust <trond.myklebust@...marydata.com>,
        David Howells <dhowells@...hat.com>, linux-cachefs@...hat.com
Subject: Re: BUG: User triggerable kernel panic in 4.8 (possibly 4.9)

Hello,

Thanks for the report. I suspect this bug got lost in the noise of
linux-kernel. Adding more relevant lists and people to CC.

								Honza

On Thu 20-10-16 15:24:37, Darren Austin wrote:
> [ Please CC me with any replies as I will be leaving the list shortly ]
> 
> Hi,
>   I'm not sure if this is the best place to report an issue I've discovered 
> with the kernel and the 'fsc' mount option - please let me know if there is 
> some other mailing list or person I should be notifying about this.
> 
> The bug appears (at least for me) when using an NFS server, and a client 
> which mounts an export from that server with the 'fsc' option (whether or 
> not the fscache daemon is running or not).  It also seems easiest to trigger 
> using the 'nano' editor, but other commands will trigger it randomly.
> 
> I've tested this bug on the Ubuntu 1610 kernel (4.8.0) and with the 4.8.2 
> kernel from http://kernel.ubuntu.com/~kernel-ppa/mainline/.  The latter 
> purports to be a kernel built from the unmodified kernel source, and simply 
> packaged in a .deb, so this isn't an Ubuntu kernel problem.  Unless the 
> problem has been corrected in the 4.9 series, I suspect the bug may also 
> persist there - I've not had the opportunity to check 4.9.x kernels as yet.
> 
> I can repeatedly reproduce this bug on my system, so it's definitely not a 
> one off - it causes a kernel panic and complete lock-up every time.
> 
> The NFS share I tested with is exported with options: 
>   rw,async,insecure,insecure_locks,no_root_squash,anongid=99,anonuid=99,no_subtree_check
> (but the export options don't seem to matter to trigger the bug)
> and mounted on the client with options:
>   vers=4,hard,intr,acl,rw,fsc
> via the Linux automounter (but the issue persists on mounts from fstab or 
> when mounted manually).
> 
> To reproduce the bug is quite simple...
> 1) Set up the server export and client mount as detailed above.
> 2) From the console (or in a terminal; but I only tested this once) in the 
> directory where you've mounted the NFS share, run:
>   nano testfile.txt
> and write some text to the file.
> 2) Save the file and exit (Ctl+X is how I did it).
> 3) When back at the prompt, immediately hit the up arrow on the keyboard (to
> load the last typed command into the buffer) and hit enter.
> 4) Watch as the pretty text of the panic scrolls by :)
> 
> With the help of people on the nano-dev mailing list, I figured out that 
> it's the 'fsc' option which causes the panic - repeated tests without that 
> option active do not trigger it.  However, this is /not/ a nano specific bug 
> - it can be triggered by any command used on the mount.  And besides, nano 
> shouldn't be able to take down the system :)
> 
> If any further information is required, please don't hesitate to reply.
> 
> Darren.
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR
