lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMo8BfJHcLQ_TuacCwdhQYB-nhpdBrCq5EuB=E7SafP15=kd3A@mail.gmail.com>
Date:   Sun, 6 Oct 2019 21:04:19 -0700
From:   Max Filippov <jcmvbkbc@...il.com>
To:     Guenter Roeck <linux@...ck-us.net>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user()

On Sun, Oct 6, 2019 at 3:25 PM Guenter Roeck <linux@...ck-us.net> wrote:
> this patch causes all my sparc64 emulations to stall during boot. It causes
> all alpha emulations to crash with [1a] and [1b] when booting from a virtual
> disk, and one of the xtensa emulations to crash with [2].

[...]

> [2]
>
> Unable to handle kernel paging request at virtual address 0000000000000004
> reboot(50): Oops -1
> pc = [<0000000000000004>]  ra = [<fffffc00004512e4>]  ps = 0000    Tainted: G      D
> pc is at 0x4
> ra is at filldir64+0x64/0x320
> v0 = 0000000000000000  t0 = 0000000067736d6b  t1 = 000000012011445b
> t2 = 0000000000000000  t3 = 0000000000000000  t4 = 0000000000007ef8
> t5 = 0000000120114448  t6 = 0000000000000000  t7 = fffffc0007eec000
> s0 = fffffc000792b5c3  s1 = 0000000000000004  s2 = 0000000000000018
> s3 = fffffc0007eefec8  s4 = 0000000000000008  s5 = 00000000f00000a3
> s6 = 000000000000000b
> a0 = fffffc000792b5c3  a1 = 2f2f2f2f2f2f2f2f  a2 = 0000000000000004
> a3 = 000000000000000b  a4 = 00000000f00000a3  a5 = 0000000000000008
> t8 = 0000000000000018  t9 = 0000000000000000  t10= 0000000022e1d02a
> t11= 000000011fd6f3b8  pv = fffffc0000b9a810  at = 0000000022e1ccf8
> gp = fffffc0000f03930  sp = (____ptrval____)
> Trace:
> [<fffffc00004ccba0>] proc_readdir_de+0x170/0x300
> [<fffffc0000451280>] filldir64+0x0/0x320
> [<fffffc00004c565c>] proc_root_readdir+0x3c/0x80
> [<fffffc0000450c68>] iterate_dir+0x198/0x240
> [<fffffc00004518b8>] ksys_getdents64+0xa8/0x160
> [<fffffc0000451990>] sys_getdents64+0x20/0x40
> [<fffffc0000451280>] filldir64+0x0/0x320
> [<fffffc0000311634>] entSys+0xa4/0xc0

This doesn't look like a dump from xtensa core.
v5.4-rc2 kernel doesn't crash for me on xtensa, but the userspace
doesn't work well, because all directories appear to be empty.

__put_user/__get_user don't do unaligned access on xtensa,
they check address alignment and return -EFAULT if it's bad.

-- 
Thanks.
-- Max

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ