| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jan 2017 18:57:55 +0100
From: Borislav Petkov <bp@...en8.de>
To: Miklos Szeredi <miklos@...redi.hu>
Cc: Tahsin Erdogan <tahsin@...gle.com>, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fuse: clear FR_PENDING flag when moving requests out of
pending queue
Hi,
On Fri, Jan 13, 2017 at 12:13:04PM +0100, Miklos Szeredi wrote:
> On Thu, Jan 12, 2017 at 9:04 PM, Tahsin Erdogan <tahsin@...gle.com> wrote:
> > fuse_abort_conn() moves requests from pending list to a temporary list
> > before canceling them. This operation races with request_wait_answer()
> > which also tries to remove the request after it gets a fatal signal. It
> > checks FR_PENDING flag to determine whether the request is still in the
> > pending list.
> >
> > Make fuse_abort_conn() clear FR_PENDING flag so that request_wait_answer()
> > does not remove the request from temporary list.
> >
> > This bug manifests itself as a panic that looks like this:
>
> Perfect patch; applied and pushed.
I'm seeing something similar here while the grub OS prober checks the
other partitions. It is not always reproducible, I saw it only twice so
far.
Related?
[ 568.562174] ntfs: driver 2.1.32 [Flags: R/W MODULE].
[ 568.575436] fuse init (API version 7.26)
[ 568.707737] general protection fault: 0000 [#1] PREEMPT SMP
[ 568.708509] Modules linked in: fuse ntfs msdos ext2 msr cpufreq_powersave cpufreq_userspace cpufreq_conservative binfmt_misc uinput vfat fat loop dm_crypt dm_mod hid_generic usbhid hid snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic iTCO_wdt iTCO_vendor_support x86_pkg_temp_thermal coretemp kvm_intel arc4 kvm irqbypass iwldvm crc32_pclmul mac80211 crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper intel_cstate snd_hda_intel intel_rapl_perf snd_hda_codec serio_raw iwlwifi pcspkr snd_hwdep snd_hda_core sdhci_pci sg cfg80211 sdhci snd_pcm mmc_core i2c_i801 xhci_pci lpc_ich snd_timer ehci_pci thinkpad_acpi e1000e mfd_core xhci_hcd ehci_hcd nvram snd soundcore wmi thermal led_class battery ac
[ 568.712473] CPU: 1 PID: 8817 Comm: grub-mount Not tainted 4.10.0-rc3+ #3
[ 568.713283] Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET86WW (2.06 ) 11/13/2012
[ 568.714105] task: ffffa3b98f418000 task.stack: ffffbb9801834000
[ 568.714944] RIP: 0010:memcpy_erms+0x6/0x10
[ 568.715795] RSP: 0018:ffffbb9801837ce8 EFLAGS: 00010202
[ 568.716942] RAX: ffff6731b2486010 RBX: ffffbb9801837e08 RCX: 0000000000000028
[ 568.718098] RDX: 0000000000000028 RSI: ffffa3b95ee12578 RDI: ffff6731b2486010
[ 568.719216] RBP: ffffbb9801837d18 R08: 0000000000000000 R09: 0000000000000000
[ 568.720087] R10: 0000000000000001 R11: 0000000000000000 R12: ffffbb9801837d2c
[ 568.720948] R13: 0000000000000028 R14: ffffbb9801837d30 R15: 0000000000000028
[ 568.721814] FS: 00007f8fc5f85800(0000) GS:ffffa3b99d280000(0000) knlGS:0000000000000000
[ 568.723023] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 568.723920] CR2: 00007f8fc5592a10 CR3: 00000001deedd000 CR4: 00000000001406e0
[ 568.725136] Call Trace:
[ 568.726358] ? fuse_copy_do+0xec/0x110 [fuse]
[ 568.727279] fuse_copy_one+0x53/0x70 [fuse]
[ 568.728510] fuse_dev_do_read.isra.29.constprop.34+0x478/0x630 [fuse]
[ 568.729427] ? filemap_map_pages+0x258/0x450
[ 568.730344] ? filemap_map_pages+0x5/0x450
[ 568.731457] fuse_dev_read+0x54/0x60 [fuse]
[ 568.732697] __vfs_read+0xbd/0x110
[ 568.733932] vfs_read+0x93/0x130
[ 568.735138] SyS_read+0x49/0xa0
[ 568.736361] entry_SYSCALL_64_fastpath+0x1c/0xb1
[ 568.737270] RIP: 0033:0x7f8fc564c160
[ 568.738498] RSP: 002b:00007ffc89d1c408 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 568.739583] RAX: ffffffffffffffda RBX: 0000000000000046 RCX: 00007f8fc564c160
[ 568.740521] RDX: 0000000000021000 RSI: 00007f8fc5fac010 RDI: 0000000000000004
[ 568.741802] RBP: 00007ffc89d1c560 R08: ffffffffffffffff R09: 0000000000000000
[ 568.743083] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000c07910
[ 568.744048] R13: 0000000000c07250 R14: 0000000000c07250 R15: 0000000000021000
[ 568.745337] Code: e9 6d ff ff ff eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[ 568.747875] RIP: memcpy_erms+0x6/0x10 RSP: ffffbb9801837ce8
[ 568.748957] ---[ end trace 6abe98048307269b ]---
[ 568.749717] note: grub-mount[8817] exited with preempt_count 1
[ 568.749934] ------------[ cut here ]------------
[ 568.749938] WARNING: CPU: 1 PID: 8817 at fs/fuse/dev.c:2136 fuse_dev_release+0x71/0x90 [fuse]
[ 568.749939] Modules linked in: fuse ntfs msdos ext2 msr cpufreq_powersave cpufreq_userspace cpufreq_conservative binfmt_misc uinput vfat fat loop dm_crypt dm_mod hid_generic usbhid hid snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic iTCO_wdt iTCO_vendor_support x86_pkg_temp_thermal coretemp kvm_intel arc4 kvm irqbypass iwldvm crc32_pclmul mac80211 crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper intel_cstate snd_hda_intel intel_rapl_perf snd_hda_codec serio_raw iwlwifi pcspkr snd_hwdep snd_hda_core sdhci_pci sg cfg80211 sdhci snd_pcm mmc_core i2c_i801 xhci_pci lpc_ich snd_timer ehci_pci thinkpad_acpi e1000e mfd_core xhci_hcd ehci_hcd nvram snd soundcore wmi thermal led_class battery ac
[ 568.749967] CPU: 1 PID: 8817 Comm: grub-mount Tainted: G D 4.10.0-rc3+ #3
[ 568.749968] Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET86WW (2.06 ) 11/13/2012
[ 568.749969] Call Trace:
[ 568.749972] dump_stack+0x67/0x92
[ 568.749975] __warn+0xcb/0xf0
[ 568.749978] warn_slowpath_null+0x1d/0x20
[ 568.749981] fuse_dev_release+0x71/0x90 [fuse]
[ 568.749983] __fput+0xd9/0x1e0
[ 568.749985] ____fput+0xe/0x10
[ 568.749988] task_work_run+0x7e/0xa0
[ 568.749989] do_exit+0x2d8/0xbd0
[ 568.749991] ? SyS_read+0x49/0xa0
[ 568.749993] rewind_stack_do_exit+0x17/0x20
[ 568.749995] RIP: 0033:0x7f8fc564c160
[ 568.749995] RSP: 002b:00007ffc89d1c408 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 568.749997] RAX: ffffffffffffffda RBX: 0000000000000046 RCX: 00007f8fc564c160
[ 568.749998] RDX: 0000000000021000 RSI: 00007f8fc5fac010 RDI: 0000000000000004
[ 568.749999] RBP: 00007ffc89d1c560 R08: ffffffffffffffff R09: 0000000000000000
[ 568.750000] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000c07910
[ 568.750000] R13: 0000000000c07250 R14: 0000000000c07250 R15: 0000000000021000
[ 568.750002] ---[ end trace 6abe98048307269c ]---
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
Powered by blists - more mailing lists