Open Source and information security mailing list archives
Message-ID: <Y06jNzD92Tv5TKxI@debian.me>
Date:   Tue, 18 Oct 2022 19:59:35 +0700
From:   Bagas Sanjaya <bagasdotme@...il.com>
To:     Hsin-Yi Wang <hsinyi@...omium.org>
Cc:     Mirsad Todorovac <mirsad.todorovac@....unizg.hr>,
        Jintao Yin <nicememory@...il.com>, phillip@...ashfs.org.uk,
        linux-kernel@...r.kernel.org, marcmiltenberger@...il.com,
        regressions@...mhuis.info, regressions@...ts.linux.dev,
        srw@...dewatkins.net
Subject: Re: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with
 6.0.0-rc3 through 6.0.0-rc7

On Tue, Oct 18, 2022 at 04:24:46PM +0800, Hsin-Yi Wang wrote:
> Hi Jintao,
> 
> Thanks for pointing out and sorry for missing this. Does the following
> diff improve the issue?
> 
> diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c
> index e56510964b229..7759bd70dfbf2 100644
> --- a/fs/squashfs/file.c
> +++ b/fs/squashfs/file.c
> @@ -600,7 +600,7 @@ static void squashfs_readahead(struct
> readahead_control *ractl)
> 
>                         /* Last page (if present) may have trailing
> bytes not filled */
>                         bytes = res % PAGE_SIZE;
> -                       if (pages[nr_pages - 1]->index == file_end && bytes)
> +                       if ((pages[nr_pages - 1]->index >> shift) ==
> file_end && bytes)
>                                 memzero_page(pages[nr_pages - 1], bytes,
>                                              PAGE_SIZE - bytes);
> 
> 
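Review bot: The shifted comparison `(pages[nr_pages - 1]->index >> shift) == file_end` on the added line matches any page that falls inside the final block, not only the page that holds the last valid byte, while the comment above it says the zeroing is meant for a last page with trailing bytes not filled. Please either show that `pages[nr_pages - 1]` is always that page when the condition holds, or add a check on the page itself before calling `memzero_page()` with `bytes = res % PAGE_SIZE`. Separately, the patch is line-wrapped at the `@@` header, the comment and the `+` line, so it will not apply as sent; resend it unwrapped, with a changelog that states which case the old page-index comparison missed.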
> readahead only handles the case that the first page and the last page
> have the same block index:
>     index = pages[0]->index >> shift;
>     if ((pages[nr_pages - 1]->index >> shift) != index)
>         goto skip_pages;
> 
> The diff above makes a difference to SQUASHFS_INVALID_BLK case, which
> will not be handled by squashfs_readahead_fragment() if
> index==file_end.
> With the above diff, it will now be memzero_page().

Hi Hsin-Yi Wang, thanks for the proposed diff. However, it was wrapped,
so I have to manually type the changes.

I compiled 6.1-rc1 with your diff applied. For testing, I have both
hello-world and lxd snaps installed. No problems on running the former.
On the latter, I got a coredump when trying to start lxd services with
`snap start lxd`. The coredumps for lxd processes are attached.

From above, I think b09a7a036d2035 ("squashfs: support reading fragments
in readahead call") should be reverted until we come up with a proper
solution.

Thanks.

-- 
An old man doll... just what I always wanted! - Clara

Download attachment "10181.dump.gz" of type "application/gzip" (38257 bytes)

Download attachment "9076.dump.gz" of type "application/gzip" (37522 bytes)

Download attachment "9109.dump.gz" of type "application/gzip" (37598 bytes)

Download attachment "9135.dump.gz" of type "application/gzip" (37582 bytes)

Download attachment "9158.dump.gz" of type "application/gzip" (37522 bytes)

Download attachment "9186.dump.gz" of type "application/gzip" (37683 bytes)

Download attachment "9558.dump.gz" of type "application/gzip" (38267 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
