Message-Id: <31941725-BEB0-4839-945A-4952C2B5ADC7@lca.pw>
Date:   Tue, 12 May 2020 15:50:32 -0400
From:   Qian Cai <cai@....pw>
To:     David Howells <dhowells@...hat.com>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>
Subject: Null-ptr-deref due to "vfs, fsinfo: Add an RCU safe per-ns mount
 list"

Reverting the linux-next commit ee8ad8190cb1 (“vfs, fsinfo: Add an RCU safe per-ns mount list”) fixed the null-ptr-deref.

# runc run root

[ 1531.635242][ T4444] BUG: Kernel NULL pointer dereference on write at 0x00000000
[ 1531.635285][ T4444] Faulting instruction address: 0xc0000000005689e0
[ 1531.635299][ T4444] Oops: Kernel access of bad area, sig: 11 [#1]
[ 1531.635310][ T4444] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=256 DEBUG_PAGEALLOC NUMA PowerNV
[ 1531.635331][ T4444] Modules linked in: kvm_hv kvm ip_tables x_tables xfs sd_mod bnx2x tg3 ahci libahci mdio libphy libata firmware_class dm_mirror dm_region_hash dm_log dm_mod
[ 1531.635370][ T4444] CPU: 16 PID: 4444 Comm: runc:[2:INIT] Not tainted 5.7.0-rc5-next-20200512+ #9
[ 1531.635383][ T4444] NIP:  c0000000005689e0 LR: c0000000005689b0 CTR: 0000000000000000
[ 1531.635413][ T4444] REGS: c000001323aef980 TRAP: 0300   Not tainted  (5.7.0-rc5-next-20200512+)
[ 1531.635434][ T4444] MSR:  9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 24424282  XER: 00000000
[ 1531.635468][ T4444] CFAR: c0000000006f9eec DAR: 0000000000000000 DSISR: 42000000 IRQMASK: 0 
[ 1531.635468][ T4444] GPR00: c000000000570000 c000001323aefc10 c00000000168aa00 0000000000000001 
[ 1531.635468][ T4444] GPR04: c0000015934e9e98 c0000015934e9e98 00000000283df117 fffffffe4386c189 
[ 1531.635468][ T4444] GPR08: c000001323aefc38 0000000000000000 0000000000000000 0000000000000002 
[ 1531.635468][ T4444] GPR12: 0000000024402282 c000001fffff1800 000000c000229990 000000000000000a 
[ 1531.635468][ T4444] GPR16: ffffffffffffffff 0000000000000000 000000000000007a 000000012479c68c 
[ 1531.635468][ T4444] GPR20: 0000000000000000 000000c000000180 0000000000000000 0000000000000000 
[ 1531.635468][ T4444] GPR24: 0000000000000000 c00000000516b870 c00000000516b858 5deadbeef0000122 
[ 1531.635468][ T4444] GPR28: c000001323aefc38 c0000015934e9e00 c0000015934e9ea8 c0000015934e9e98 
[ 1531.635652][ T4444] NIP [c0000000005689e0] umount_tree+0x250/0x470
__write_once_size at include/linux/compiler.h:250
(inlined by) __hlist_del at include/linux/list.h:811
(inlined by) hlist_del_rcu at include/linux/rculist.h:487
(inlined by) umount_tree at fs/namespace.c:1485
[ 1531.635672][ T4444] LR [c0000000005689b0] umount_tree+0x220/0x470
[ 1531.635682][ T4444] Call Trace:
[ 1531.635709][ T4444] [c000001323aefca0] [c000000000570000] do_mount+0xb70/0xc90
[ 1531.635738][ T4444] [c000001323aefd70] [c0000000005706f8] sys_mount+0x158/0x180
[ 1531.635760][ T4444] [c000001323aefdc0] [c000000000038ac4] system_call_exception+0x114/0x1e0
[ 1531.635799][ T4444] [c000001323aefe20] [c00000000000c8f0] system_call_common+0xf0/0x278
[ 1531.635828][ T4444] Instruction dump:
[ 1531.635836][ T4444] 60000000 2fa30000 419e0014 e93f0008 e95f0000 f92a0008 f9490000 e93fffb8 
[ 1531.635860][ T4444] e95fffc0 fbff0000 fbff0008 2fa90000 <f92a0000> 419e0008 f9490008 e93f0058 
[ 1531.635885][ T4444] ---[ end trace f12075f6fac94362 ]---
[ 1531.748352][ T4444] 
[ 1532.748433][ T4444] Kernel panic - not syncing: Fatal exception
