Message-ID: <20170412005853.vqyuo6722tmthn5u@codemonkey.org.uk>
Date:   Tue, 11 Apr 2017 20:58:53 -0400
From:   Dave Jones <davej@...emonkey.org.uk>
To:     Al Viro <viro@...IV.linux.org.uk>
Cc:     Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: iov_iter_pipe warning.

On Wed, Apr 12, 2017 at 01:17:46AM +0100, Al Viro wrote:
 > On Tue, Apr 11, 2017 at 08:06:07PM -0400, Dave Jones wrote:
 > > On Wed, Apr 12, 2017 at 12:56:41AM +0100, Al Viro wrote:
 > >  > On Wed, Apr 12, 2017 at 12:51:58AM +0100, Al Viro wrote:
 > >  > > On Tue, Apr 11, 2017 at 07:45:58PM -0400, Dave Jones wrote:
 > >  > > >  > 	if (file->f_op->splice_write == generic_splice_sendpage) {
 > >  > > >  > 		struct socket *sock = file->private_data;
 > >  > > >  > 		printk(KERN_ERR "socket [%d, %p]\n", sock->type, sock->ops);
 > >  > > >  > 	}
 > >  > > >  > 	printk(KERN_ERR "in->f_op = %p\n", in->f_op);
 > >  > > > 
 > >  > > > Ugh, this explodes with a million errors when I try to compile it. 
 > >  > > > It misses socket definition, and include <linux/net.h> causes another
 > >  > > > cascade of errors about linkage.h and nonsense.
 > >  > > 
 > >  > > Ignore the socket part - you've already triggered it with NFS file as
 > >  > > destination, so this is not particularly interesting.  I would still like
 > >  > > to see in->f_op and even more - the checks in default_file_splice_read().
 > >  > 
 > >  > ... and the latter had a braino - WARN_ON(size != ret), not len != ret.
 > >  > Diff follows:
 > >  
 > > super fast repro..
 > 
 > Alas, that's just another braino - it checks for non-zero ->buffers (always
 > true) rather than non-zero ->nrbufs (non-empty pipe).  Sorry.  Fixed diff
 > follows:
 
[  462.415864] WARNING: CPU: 0 PID: 21500 at fs/splice.c:985 splice_direct_to_actor+0x13f/0x280
[  462.428443] CPU: 0 PID: 21500 Comm: trinity-c4 Not tainted 4.11.0-rc6-think+ #10 
[  462.453818] Call Trace:
[  462.466415]  dump_stack+0x68/0x93
[  462.478920]  __warn+0xcb/0xf0
[  462.491367]  warn_slowpath_null+0x1d/0x20
[  462.503823]  splice_direct_to_actor+0x13f/0x280
[  462.516236]  ? generic_pipe_buf_nosteal+0x10/0x10
[  462.528606]  do_splice_direct+0x9e/0xd0
[  462.540825]  do_sendfile+0x1d7/0x3c0
[  462.552910]  SyS_sendfile64+0x73/0xe0
[  462.564989]  do_syscall_64+0x66/0x1d0
[  462.576949]  entry_SYSCALL64_slow_path+0x25/0x25
[  462.588872] RIP: 0033:0x7febc78b30f9
[  462.600809] RSP: 002b:00007ffd767b6398 EFLAGS: 00000246
[  462.612790]  ORIG_RAX: 0000000000000028
[  462.624684] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007febc78b30f9
[  462.636737] RDX: 00007febc5c1e000 RSI: 0000000000000130 RDI: 0000000000000130
[  462.648756] RBP: 00007febc7f66000 R08: 0000000000000ff1 R09: fffffffffffffffd
[  462.660709] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
[  462.672627] R13: 00007febc7f66048 R14: 00007febc7f89ad8 R15: 00007febc7f66000
[  462.684586] ---[ end trace d002d06d5879c8a9 ]---
[  462.696557] in->f_op = ffffffffa02df980, ->splice_write = ffffffff812b2b20
$ grep ffffffffa02df980 /proc/kallsyms 
ffffffffa02df980 r nfs4_file_operations	[nfsv4]
$ grep ffffffff812b2b20 /proc/kallsyms 
ffffffff812b2b20 T iter_file_splice_write
