Message-ID: <b811fb3a-b5bb-bb0d-0cdf-e5bc0e88836f@gmail.com>
Date:   Sun, 16 Oct 2022 19:24:37 +0700
From:   Bagas Sanjaya <bagasdotme@...il.com>
To:     Phillip Lougher <phillip@...ashfs.org.uk>,
        regressions@...mhuis.info, mirsad.todorovac@....unizg.hr
Cc:     linux-kernel@...r.kernel.org, marcmiltenberger@...il.com,
        regressions@...ts.linux.dev, srw@...dewatkins.net,
        stable@...r.kernel.org
Subject: Re: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with
 6.0.0-rc3 through 6.0.0-rc7

On 10/16/22 19:21, Bagas Sanjaya wrote:
> On 10/16/22 03:59, Phillip Lougher wrote:
>>
>> Which identified the "squashfs: support reading fragments in readahead call"
>> patch.
>>
>> There is a race-condition introduced in that patch, which involves cache
>> releasing and reuse.
>>
>> The following diff will fix that race-condition.  It would be great if
>> someone could test and verify before sending it out as a patch.
>>
>> Thanks
>>
>> Phillip
>>
>> diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c
>> index e56510964b22..6cc23178e9ad 100644
>> --- a/fs/squashfs/file.c
>> +++ b/fs/squashfs/file.c
>> @@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(struct page **page,
>>  		squashfs_i(inode)->fragment_size);
>>  	struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
>>  	unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
>> +	int error = buffer->error;
>>  
>> -	if (buffer->error)
>> +	if (error)
>>  		goto out;
>>  
>>  	expected += squashfs_i(inode)->fragment_offset;
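
Review bot: the new `int error = buffer->error;` declaration carries no comment saying why the value is copied into a local, so a later cleanup could fold it back into direct `buffer->error` reads. A one-line comment at the declaration, stating that the error must be captured while the cache entry reference is still held because the entry can be reused once `squashfs_cache_put()` has run, would keep the intent visible.
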
>> @@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(struct page **page,
>>  
>>  out:
>>  	squashfs_cache_put(buffer);
>> -	return buffer->error;
>> +	return error;
>>  }
>>  
>>  static void squashfs_readahead(struct readahead_control *ractl)
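
Review bot: at the `out:` label, the changelog for the formal submission should spell out that the old `return buffer->error;` read the entry after `squashfs_cache_put(buffer)` had already released it, since the diff alone does not say which access was racing with cache release and reuse. Because the mail names "squashfs: support reading fragments in readahead call" as the patch that introduced the race, a Fixes: tag for that commit belongs in the submission as well.
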
>>
> 
> No Verneed warnings so far. However, I need to test for a longer time
> (a day) to check if any warnings are reported.
> 
> Thanks.
> 

Also, since this regression is also found on linux-6.0.y stable branch,
don't forget to Cc stable list.

Thanks.

-- 
An old man doll... just what I always wanted! - Clara
