lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 18 May 2020 17:35:10 -0700
From:   Mike Kravetz <mike.kravetz@...cle.com>
To:     Colin Walters <walters@...bum.org>,
        Miklos Szeredi <miklos@...redi.hu>
Cc:     syzbot <syzbot+d6ec23007e951dadf3de@...kaller.appspotmail.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, Miklos Szeredi <mszeredi@...hat.com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Al Viro <viro@...iv.linux.org.uk>
Subject: Re: kernel BUG at mm/hugetlb.c:LINE!

On 5/18/20 4:41 PM, Colin Walters wrote:
> 
> On Tue, May 12, 2020, at 11:04 AM, Miklos Szeredi wrote:
> 
>>> However, in this syzbot test case the 'file' is in an overlayfs filesystem
>>> created as follows:
>>>
>>> mkdir("./file0", 000)                   = 0
>>> mount(NULL, "./file0", "hugetlbfs", MS_MANDLOCK|MS_POSIXACL, NULL) = 0
>>> chdir("./file0")                        = 0
>>> mkdir("./file1", 000)                   = 0
>>> mkdir("./bus", 000)                     = 0
>>> mkdir("./file0", 000)                   = 0
>>> mount("\177ELF\2\1\1", "./bus", "overlay", 0, "lowerdir=./bus,workdir=./file1,u"...) = 0
> 
> Is there any actual valid use case for mounting an overlayfs on top of hugetlbfs?  I can't think of one.  Why isn't the response to this to instead only allow mounting overlayfs on top of basically a set of whitelisted filesystems?
> 

I can not think of a use case.  I'll let Miklos comment on adding whitelist
capability to overlayfs.

IMO - This BUG/report revealed two issues.  First is the BUG by mmap'ing
a hugetlbfs file on overlayfs.  The other is that core mmap code will skip
any filesystem specific get_unmapped area routine if on a union/overlay.
My patch fixes both, but if we go with a whitelist approach and don't allow
hugetlbfs I think we still need to address the filesystem specific
get_unmapped area issue.  That is easy enough to do by adding a routine to
overlayfs which calls the routine for the underlying fs.

-- 
Mike Kravetz

Powered by blists - more mailing lists