| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Aug 2018 19:19:35 +0300
From: Kirill Tkhai <ktkhai@...tuozzo.com>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: Commit "new primitive: discard_new_inode()" introduces a problem
On 01.08.2018 19:16, Al Viro wrote:
> On Wed, Aug 01, 2018 at 05:11:51PM +0100, Al Viro wrote:
>> On Wed, Aug 01, 2018 at 06:43:56PM +0300, Kirill Tkhai wrote:
>>> #git status
>>> HEAD detached at 22dc9a168272
>>
>> Wait a sec - just that commit? With discard_new_inode() not even
>> used anywhere? Then any of those -ENOMEM is disguised ERR_PTR(-ESTALE)
>> from find_inode()/find_inode_fast(), i.e. an inode found by
>> iget5_locked() (your /etc is on ext4) with I_CREATING still set.
>
> iget_locked(), that is.
[ 32.266377] WARNING: CPU: 0 PID: 2301 at fs/inode.c:841 find_inode_fast.isra.24+0x90/0xa0
[ 32.268509] CPU: 0 PID: 2301 Comm: grep Not tainted 4.18.0-rc1+ #32
[ 32.269209] RIP: 0010:find_inode_fast.isra.24+0x90/0xa0
[ 32.269789] Code: 48 89 d8 5b 5d 41 5c 41 5d 41 5e c3 f6 c4 80 75 11 f0 ff 83 30 01 00 00 4c 89 f7 e8 4a 7c 24 00 eb de 4c 89 f7 e8 40 7c 24 00 <0f> 0b 48 c7 c3 8c ff ff ff eb cb 0f 1f 44 00 00 41 54 49 c7 c4 30
[ 32.271876] RSP: 0018:ffffc9000113fb80 EFLAGS: 00010282
[ 32.272448] RAX: 0000000080000001 RBX: ffff88013aff9088 RCX: 0000000000000002
[ 32.273231] RDX: 0000000080000002 RSI: ffff88013fec2350 RDI: 00000000ffffffff
[ 32.274019] RBP: 00000000000405fb R08: ffff88013950c400 R09: ffff88013ac43ea0
[ 32.274796] R10: 0000000000000014 R11: 0000000000000014 R12: ffff88013b199000
[ 32.275579] R13: ffff88013fec2350 R14: ffff88013aff90f8 R15: ffff880135cb5180
[ 32.276355] FS: 0000000000000000(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
[ 32.277189] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.277786] CR2: 00007f6f73e26018 CR3: 000000013a98f000 CR4: 00000000000006b0
[ 32.278513] Call Trace:
[ 32.278777] ? iget_locked+0x69/0x190
[ 32.279162] ? ext4_iget+0x3f/0xc00
[ 32.279443] ? preempt_count_add+0x44/0x90
[ 32.279733] ? d_alloc_parallel+0x358/0x4f0
[ 32.280039] ? ext4_lookup+0xd6/0x200
[ 32.280282] ? path_openat+0x9d6/0x1400
[ 32.280537] ? do_filp_open+0x8e/0x100
[ 32.280842] ? __lru_cache_add+0x6e/0x90
[ 32.281300] ? kmem_cache_alloc+0x22/0x120
[ 32.281544] ? do_sys_open+0x181/0x210
[ 32.281789] ? do_syscall_64+0x56/0x2f0
[ 32.282046] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 32.282351] ---[ end trace 109b3dd4fd5e6451 ]---
[ 32.282657] WARNING: CPU: 3 PID: 2300 at fs/inode.c:841 find_inode_fast.isra.24+0x90/0xa0
[ 32.283126] CPU: 3 PID: 2300 Comm: parallels-serve Tainted: G W 4.18.0-rc1+ #32
[ 32.283595] RIP: 0010:find_inode_fast.isra.24+0x90/0xa0
[ 32.283881] Code: 48 89 d8 5b 5d 41 5c 41 5d 41 5e c3 f6 c4 80 75 11 f0 ff 83 30 01 00 00 4c 89 f7 e8 4a 7c 24 00 eb de 4c 89 f7 e8 40 7c 24 00 <0f> 0b 48 c7 c3 8c ff ff ff eb cb 0f 1f 44 00 00 41 54 49 c7 c4 30
[ 32.285066] RSP: 0018:ffffc90001137b80 EFLAGS: 00010282
[ 32.285397] RAX: 0000000080000001 RBX: ffff88013aff9088 RCX: 0000000000000002
[ 32.285829] RDX: 0000000080000002 RSI: ffff88013fec2350 RDI: 00000000ffffffff
[ 32.286218] RBP: 00000000000405fb R08: ffff88013950c400 R09: ffff88013ac43ea0
[ 32.286601] R10: 0000000000000014 R11: 0000000000000014 R12: ffff88013b199000
[ 32.287035] R13: ffff88013fec2350 R14: ffff88013aff90f8 R15: ffff880135cb5180
[ 32.287430] FS: 0000000000000000(0000) GS:ffff88013fd80000(0000) knlGS:0000000000000000
[ 32.287872] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.288202] CR2: 00007ffd0f3e4f68 CR3: 0000000139d59000 CR4: 00000000000006a0
[ 32.288650] Call Trace:
[ 32.288871] ? iget_locked+0x69/0x190
[ 32.289106] ? ext4_iget+0x3f/0xc00
[ 32.289333] ? preempt_count_add+0x44/0x90
[ 32.289595] ? d_alloc_parallel+0x358/0x4f0
[ 32.289858] ? ext4_lookup+0xd6/0x200
[ 32.290059] ? path_openat+0x9d6/0x1400
[ 32.290268] ? __mod_node_page_state+0x64/0xa0
[ 32.290510] ? do_filp_open+0x8e/0x100
[ 32.290721] ? __lru_cache_add+0x6e/0x90
[ 32.290968] ? _raw_spin_unlock+0xd/0x20
[ 32.291218] ? __handle_mm_fault+0x6f2/0xbf0
[ 32.291473] ? do_sys_open+0x181/0x210
[ 32.291684] ? do_syscall_64+0x56/0x2f0
[ 32.291932] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 32.292239] ---[ end trace 109b3dd4fd5e6452 ]---
[ 32.314195] WARNING: CPU: 1 PID: 2303 at fs/inode.c:841 find_inode_fast.isra.24+0x90/0xa0
[ 32.314866] CPU: 1 PID: 2303 Comm: uname Tainted: G W 4.18.0-rc1+ #32
[ 32.315479] RIP: 0010:find_inode_fast.isra.24+0x90/0xa0
[ 32.315889] Code: 48 89 d8 5b 5d 41 5c 41 5d 41 5e c3 f6 c4 80 75 11 f0 ff 83 30 01 00 00 4c 89 f7 e8 4a 7c 24 00 eb de 4c 89 f7 e8 40 7c 24 00 <0f> 0b 48 c7 c3 8c ff ff ff eb cb 0f 1f 44 00 00 41 54 49 c7 c4 30
[ 32.317376] RSP: 0018:ffffc900010ffb80 EFLAGS: 00010282
[ 32.317797] RAX: 0000000080000001 RBX: ffff88013aff9088 RCX: 0000000000000002
[ 32.318374] RDX: 0000000080000002 RSI: ffff88013fec2350 RDI: 00000000ffffffff
[ 32.318979] RBP: 00000000000405fb R08: ffff88013950c400 R09: ffff88013ac43ea0
[ 32.319529] R10: 0000000000000014 R11: 0000000000000014 R12: ffff88013b199000
[ 32.320089] R13: ffff88013fec2350 R14: ffff88013aff90f8 R15: ffff880135cb5180
[ 32.320630] FS: 0000000000000000(0000) GS:ffff88013fc80000(0000) knlGS:0000000000000000
[ 32.321258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.321697] CR2: 00007ffc86055fe4 CR3: 000000013b2a4000 CR4: 00000000000006a0
[ 32.322254] Call Trace:
[ 32.322450] ? iget_locked+0x69/0x190
[ 32.322739] ? ext4_iget+0x3f/0xc00
[ 32.323015] ? preempt_count_add+0x44/0x90
[ 32.323334] ? d_alloc_parallel+0x358/0x4f0
[ 32.323655] ? ext4_lookup+0xd6/0x200
[ 32.323943] ? path_openat+0x9d6/0x1400
[ 32.324248] ? do_filp_open+0x8e/0x100
[ 32.324541] ? __lru_cache_add+0x6e/0x90
[ 32.324833] ? _raw_spin_unlock+0xd/0x20
[ 32.325088] ? __handle_mm_fault+0x6f2/0xbf0
[ 32.325335] ? do_sys_open+0x181/0x210
[ 32.325551] ? do_syscall_64+0x56/0x2f0
[ 32.325778] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 32.326100] ---[ end trace 109b3dd4fd5e6453 ]---
[ 32.328654] WARNING: CPU: 3 PID: 2304 at fs/inode.c:841 find_inode_fast.isra.24+0x90/0xa0
[ 32.329183] CPU: 3 PID: 2304 Comm: grep Tainted: G W 4.18.0-rc1+ #32
[ 32.329600] RIP: 0010:find_inode_fast.isra.24+0x90/0xa0
[ 32.329887] Code: 48 89 d8 5b 5d 41 5c 41 5d 41 5e c3 f6 c4 80 75 11 f0 ff 83 30 01 00 00 4c 89 f7 e8 4a 7c 24 00 eb de 4c 89 f7 e8 40 7c 24 00 <0f> 0b 48 c7 c3 8c ff ff ff eb cb 0f 1f 44 00 00 41 54 49 c7 c4 30
[ 32.330947] RSP: 0018:ffffc900010ffb80 EFLAGS: 00010282
[ 32.331246] RAX: 0000000080000001 RBX: ffff88013aff9088 RCX: 0000000000000002
[ 32.331651] RDX: 0000000080000002 RSI: ffff88013fec2350 RDI: 00000000ffffffff
[ 32.332083] RBP: 00000000000405fb R08: ffff88013950c400 R09: ffff88013ac43ea0
[ 32.332476] R10: 0000000000000014 R11: 0000000000000014 R12: ffff88013b199000
[ 32.332871] R13: ffff88013fec2350 R14: ffff88013aff90f8 R15: ffff880135cb5180
[ 32.333277] FS: 0000000000000000(0000) GS:ffff88013fd80000(0000) knlGS:0000000000000000
[ 32.333725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.334054] CR2: 00007f49836d1018 CR3: 0000000139475000 CR4: 00000000000006a0
[ 32.334438] Call Trace:
[ 32.334578] ? iget_locked+0x69/0x190
[ 32.334790] ? ext4_iget+0x3f/0xc00
[ 32.334990] ? preempt_count_add+0x44/0x90
[ 32.335213] ? d_alloc_parallel+0x358/0x4f0
[ 32.335445] ? ext4_lookup+0xd6/0x200
[ 32.335650] ? path_openat+0x9d6/0x1400
[ 32.335888] ? mmap_region+0x265/0x590
[ 32.336097] ? do_filp_open+0x8e/0x100
[ 32.336306] ? __lru_cache_add+0x6e/0x90
[ 32.336522] ? kmem_cache_alloc+0x22/0x120
[ 32.336756] ? do_sys_open+0x181/0x210
[ 32.336968] ? do_syscall_64+0x56/0x2f0
[ 32.337180] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 32.337461] ---[ end trace 109b3dd4fd5e6454 ]---
[ 32.341735] WARNING: CPU: 1 PID: 2300 at fs/inode.c:841 find_inode_fast.isra.24+0x90/0xa0
[ 32.342298] CPU: 1 PID: 2300 Comm: parallels-serve Tainted: G W 4.18.0-rc1+ #32
[ 32.342767] RIP: 0010:find_inode_fast.isra.24+0x90/0xa0
[ 32.343116] Code: 48 89 d8 5b 5d 41 5c 41 5d 41 5e c3 f6 c4 80 75 11 f0 ff 83 30 01 00 00 4c 89 f7 e8 4a 7c 24 00 eb de 4c 89 f7 e8 40 7c 24 00 <0f> 0b 48 c7 c3 8c ff ff ff eb cb 0f 1f 44 00 00 41 54 49 c7 c4 30
[ 32.344127] RSP: 0018:ffffc90001137a68 EFLAGS: 00010282
[ 32.344405] RAX: 0000000080000001 RBX: ffff880135cc1858 RCX: 0000000000000002
[ 32.344785] RDX: 0000000080000002 RSI: ffff88013ff13260 RDI: 00000000ffffffff
[ 32.345162] RBP: 00000000000c04c0 R08: ffff88013950c400 R09: ffff88013ac46548
[ 32.345533] R10: 000000000000001c R11: 000000000000001c R12: ffff88013b199000
[ 32.345914] R13: ffff88013ff13260 R14: ffff880135cc18c8 R15: 0000000000000000
[ 32.346291] FS: 00007fedf735d700(0000) GS:ffff88013fc80000(0000) knlGS:0000000000000000
[ 32.346732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.347078] CR2: 0000000002741088 CR3: 0000000139d59000 CR4: 00000000000006a0
[ 32.347522] Call Trace:
[ 32.347676] ? iget_locked+0x69/0x190
[ 32.347893] ? ext4_iget+0x3f/0xc00
[ 32.348082] ? preempt_count_add+0x44/0x90
[ 32.348303] ? d_alloc_parallel+0x358/0x4f0
[ 32.348527] ? ext4_lookup+0xd6/0x200
[ 32.348789] ? __lookup_slow+0x8c/0x150
[ 32.348997] ? lookup_slow+0x30/0x50
[ 32.349190] ? walk_component+0x1b4/0x490
[ 32.349405] ? path_lookupat.isra.75+0x70/0x200
[ 32.349646] ? filename_lookup.part.76+0x9b/0x120
[ 32.349907] ? kmem_cache_alloc+0x22/0x120
[ 32.350127] ? getname_flags+0x49/0x170
[ 32.350333] ? vfs_statx+0x6e/0xd0
[ 32.350517] ? _raw_spin_unlock+0xd/0x20
[ 32.350732] ? __handle_mm_fault+0x6f2/0xbf0
[ 32.350962] ? __do_sys_newstat+0x39/0x70
[ 32.351178] ? _copy_to_user+0x26/0x30
[ 32.351396] ? __x64_sys_rt_sigprocmask+0x8a/0xd0
[ 32.351697] ? do_syscall_64+0x56/0x2f0
[ 32.351946] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 32.352278] ---[ end trace 109b3dd4fd5e6455 ]---
[ 32.352667] WARNING: CPU: 1 PID: 2300 at fs/inode.c:841 find_inode_fast.isra.24+0x90/0xa0
[ 32.353193] CPU: 1 PID: 2300 Comm: parallels-serve Tainted: G W 4.18.0-rc1+ #32
[ 32.353739] RIP: 0010:find_inode_fast.isra.24+0x90/0xa0
[ 32.354069] Code: 48 89 d8 5b 5d 41 5c 41 5d 41 5e c3 f6 c4 80 75 11 f0 ff 83 30 01 00 00 4c 89 f7 e8 4a 7c 24 00 eb de 4c 89 f7 e8 40 7c 24 00 <0f> 0b 48 c7 c3 8c ff ff ff eb cb 0f 1f 44 00 00 41 54 49 c7 c4 30
[ 32.355255] RSP: 0018:ffffc90001137a68 EFLAGS: 00010282
[ 32.355566] RAX: 0000000080000001 RBX: ffff880135c8efc8 RCX: 0000000000000002
[ 32.355991] RDX: 0000000080000002 RSI: ffff88013ffb6d28 RDI: 00000000ffffffff
[ 32.356411] RBP: 00000000000c0485 R08: ffff88013950c400 R09: ffff88013ac453a8
[ 32.356792] R10: 0000000000000018 R11: 0000000000000018 R12: ffff88013b199000
[ 32.357297] R13: ffff88013ffb6d28 R14: ffff880135c8f038 R15: 0000000000000000
[ 32.357820] FS: 00007fedf735d700(0000) GS:ffff88013fc80000(0000) knlGS:0000000000000000
[ 32.358430] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.359200] CR2: 0000000002741088 CR3: 0000000139d59000 CR4: 00000000000006a0
[ 32.359622] Call Trace:
[ 32.359768] ? iget_locked+0x69/0x190
[ 32.359967] ? ext4_iget+0x3f/0xc00
[ 32.360167] ? preempt_count_add+0x44/0x90
[ 32.360388] ? d_alloc_parallel+0x358/0x4f0
[ 32.360615] ? ext4_lookup+0xd6/0x200
[ 32.360820] ? __lookup_slow+0x8c/0x150
[ 32.361031] ? lookup_slow+0x30/0x50
[ 32.361224] ? walk_component+0x1b4/0x490
[ 32.361439] ? path_lookupat.isra.75+0x70/0x200
[ 32.361698] ? filename_lookup.part.76+0x9b/0x120
[ 32.361974] ? kmem_cache_alloc+0x22/0x120
[ 32.362215] ? getname_flags+0x49/0x170
[ 32.362436] ? vfs_statx+0x6e/0xd0
[ 32.362634] ? _raw_spin_unlock+0xd/0x20
[ 32.362868] ? __handle_mm_fault+0x6f2/0xbf0
[ 32.363108] ? __do_sys_newstat+0x39/0x70
[ 32.363357] ? sigprocmask+0x6d/0x90
[ 32.363546] ? _copy_to_user+0x26/0x30
[ 32.363776] ? __x64_sys_rt_sigprocmask+0x8a/0xd0
[ 32.364046] ? do_syscall_64+0x56/0x2f0
[ 32.364259] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 32.364546] ---[ end trace 109b3dd4fd5e6456 ]---
[ 33.075577] WARNING: CPU: 3 PID: 2305 at fs/inode.c:841 find_inode_fast.isra.24+0x90/0xa0
[ 33.076723] CPU: 3 PID: 2305 Comm: dmesg Tainted: G W 4.18.0-rc1+ #32
[ 33.077766] RIP: 0010:find_inode_fast.isra.24+0x90/0xa0
[ 33.078466] Code: 48 89 d8 5b 5d 41 5c 41 5d 41 5e c3 f6 c4 80 75 11 f0 ff 83 30 01 00 00 4c 89 f7 e8 4a 7c 24 00 eb de 4c 89 f7 e8 40 7c 24 00 <0f> 0b 48 c7 c3 8c ff ff ff eb cb 0f 1f 44 00 00 41 54 49 c7 c4 30
[ 33.081018] RSP: 0018:ffffc90001107b80 EFLAGS: 00010282
[ 33.081721] RAX: 0000000080000001 RBX: ffff88013aff9088 RCX: 0000000000000002
[ 33.082670] RDX: 0000000080000002 RSI: ffff88013fec2350 RDI: 00000000ffffffff
[ 33.083613] RBP: 00000000000405fb R08: ffff88013950c400 R09: ffff88013ac43ea0
[ 33.084521] R10: 0000000000000014 R11: 0000000000000014 R12: ffff88013b199000
[ 33.085259] R13: ffff88013fec2350 R14: ffff88013aff90f8 R15: ffff880135cb5180
[ 33.085882] FS: 0000000000000000(0000) GS:ffff88013fd80000(0000) knlGS:0000000000000000
[ 33.086433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.086841] CR2: 00007f85a9d03018 CR3: 0000000139d99000 CR4: 00000000000006a0
[ 33.087267] Call Trace:
[ 33.087410] ? iget_locked+0x69/0x190
[ 33.087839] ? ext4_iget+0x3f/0xc00
[ 33.088059] ? preempt_count_add+0x44/0x90
[ 33.088285] ? d_alloc_parallel+0x358/0x4f0
[ 33.088515] ? ext4_lookup+0xd6/0x200
[ 33.088725] ? path_openat+0x9d6/0x1400
[ 33.088937] ? do_filp_open+0x8e/0x100
[ 33.089153] ? __lru_cache_add+0x6e/0x90
[ 33.089363] ? kmem_cache_alloc+0x22/0x120
[ 33.089582] ? do_sys_open+0x181/0x210
[ 33.089788] ? do_syscall_64+0x56/0x2f0
[ 33.089994] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 33.090271] ---[ end trace 109b3dd4fd5e6457 ]---
Powered by blists - more mailing lists