lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yt6DjrMdIhpQmm7V@codewreck.org>
Date:   Mon, 25 Jul 2022 20:50:38 +0900
From:   asmadeus@...ewreck.org
To:     Vlastimil Babka <vbabka@...e.cz>
Cc:     syzbot <syzbot+5e28cdb7ebd0f2389ca4@...kaller.appspotmail.com>,
        akpm@...ux-foundation.org, davem@...emloft.net,
        edumazet@...gle.com, elver@...gle.com, ericvh@...il.com,
        hdanton@...a.com, k.kahurani@...il.com, kuba@...nel.org,
        linux-kernel@...r.kernel.org, linux_oss@...debyte.com,
        lucho@...kov.net, netdev@...r.kernel.org, pabeni@...hat.com,
        rientjes@...gle.com, syzkaller-bugs@...glegroups.com,
        torvalds@...ux-foundation.org, v9fs-developer@...ts.sourceforge.net
Subject: Re: [syzbot] WARNING in p9_client_destroy

Vlastimil Babka wrote on Mon, Jul 25, 2022 at 12:15:24PM +0200:
> On 7/24/22 15:17, syzbot wrote:
> > syzbot has bisected this issue to:
> > 
> > commit 7302e91f39a81a9c2efcf4bc5749d18128366945
> > Author: Marco Elver <elver@...gle.com>
> > Date:   Fri Jan 14 22:03:58 2022 +0000
> > 
> >     mm/slab_common: use WARN() if cache still has objects on destroy
> 
> Just to state the obvious, bisection pointed to a commit that added the
> warning, but the reason for the warning would be that p9 is destroying a
> kmem_cache without freeing all the objects there first, and that would be
> true even before the commit.

Probably true from the moment that cache/idr was introduced... I've got
a couple of fixes in next but given syzcaller claims that's the tree it
was produced on I guess there can be more such leaks.
(well, the lines it sent in the backtrace yesterday don't match next,
but I wouldn't count on it)

If someone wants to have a look please feel free, I would bet the
problem is just that p9_fd_close() doesn't call or does something
equivalent to p9_conn_cancel() and there just are some requests that
haven't been sent yet when the mount is closed..
But I don't have/can/want to take the time to check right now as I
consider such a leak harmless enough, someone has to be root or
equivalent to do 9p mounts in most cases.

-- 
Dominique

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ