Message-ID: <f0627b05-1f51-8683-75ad-17e5899efb2b@linux.alibaba.com>
Date:   Tue, 8 Nov 2022 11:28:39 +0800
From:   JeffleXu <jefflexu@...ux.alibaba.com>
To:     David Howells <dhowells@...hat.com>, willy@...radead.org
Cc:     George Law <glaw@...hat.com>, Jeff Layton <jlayton@...nel.org>,
        linux-kernel@...r.kernel.org, linux-cachefs@...hat.com,
        linux-fsdevel@...r.kernel.org
Subject: Re: [Linux-cachefs] [PATCH v2 1/2] netfs: Fix missing xas_retry()
 calls in xarray iteration



On 11/5/22 12:37 AM, David Howells wrote:
> netfslib has a number of places in which it performs iteration of an xarray
> whilst being under the RCU read lock.  It *should* call xas_retry() as the
> first thing inside of the loop and do "continue" if it returns true in case
> the xarray walker passed out a special value indicating that the walk needs
> to be redone from the root[*].
> 
> Fix this by adding the missing retry checks.
> 
> [*] I wonder if this should be done inside xas_find(), xas_next_node() and
>     suchlike, but I'm told that's not a simple change to effect.
> 
> This can cause an oops like that below.  Note the faulting address - this
> is an internal value (|0x2) returned from xarray.
> 
> BUG: kernel NULL pointer dereference, address: 0000000000000402
> ...
> RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]
> ...
> Call Trace:
>  netfs_rreq_assess+0xa6/0x240 [netfs]
>  netfs_readpage+0x173/0x3b0 [netfs]
>  ? init_wait_var_entry+0x50/0x50
>  filemap_read_page+0x33/0xf0
>  filemap_get_pages+0x2f2/0x3f0
>  filemap_read+0xaa/0x320
>  ? do_filp_open+0xb2/0x150
>  ? rmqueue+0x3be/0xe10
>  ceph_read_iter+0x1fe/0x680 [ceph]
>  ? new_sync_read+0x115/0x1a0
>  new_sync_read+0x115/0x1a0
>  vfs_read+0xf3/0x180
>  ksys_read+0x5f/0xe0
>  do_syscall_64+0x38/0x90
>  entry_SYSCALL_64_after_hwframe+0x44/0xae
> 
> Fixes: 3d3c95046742 ("netfs: Provide readahead and readpage netfs helpers")
> Reported-by: George Law <glaw@...hat.com>
> Signed-off-by: David Howells <dhowells@...hat.com>
> Reviewed-by: Jeff Layton <jlayton@...nel.org>
> cc: Matthew Wilcox <willy@...radead.org>
> cc: linux-cachefs@...hat.com
> cc: linux-fsdevel@...r.kernel.org
> ---

Reviewed-by: Jingbo Xu <jefflexu@...ux.alibaba.com>

-- 
Thanks,
Jingbo
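
Added illustration, not code from the patch or from netfslib: a userspace C model of the xarray entry tagging, showing why the faulting address quoted above is 0x402 (the retry entry) and what the retry check inside the loop changes. The macros mirror include/linux/xarray.h; `walk()`, `folio_model`, `seen` and `settled` are hypothetical names and the slot contents are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model of the entry tagging in include/linux/xarray.h. */
static uintptr_t xa_mk_internal(unsigned long v) { return ((uintptr_t)v << 2) | 2; }
static bool xa_is_internal(uintptr_t e) { return (e & 3) == 2; }
#define XA_RETRY_ENTRY xa_mk_internal(256) /* walk must restart from the root */
#define XA_ZERO_ENTRY  xa_mk_internal(257) /* reserved slot, reads back as NULL */

struct folio_model { unsigned long flags; }; /* constructed stand-in for struct folio */

/*
 * Walk n slots as an RCU reader would. seen[] is what the walker hands out
 * first (possibly a retry entry); settled[] is what a restarted walk finds
 * and holds no retry entries. Returns the number of folios touched, or -1
 * where the kernel would have dereferenced an internal entry.
 */
static int walk(const uintptr_t *seen, const uintptr_t *settled, size_t n,
                bool check_retry)
{
    int touched = 0;
    for (size_t i = 0; i < n; i++) {
        uintptr_t e = seen[i];
        if (check_retry) {           /* the role xas_retry() plays in the loop */
            if (e == XA_ZERO_ENTRY)
                continue;
            if (e == XA_RETRY_ENTRY)
                e = settled[i];      /* stands in for xas_reset() + re-walk */
        }
        if (xa_is_internal(e))
            return -1;               /* e.g. 0x402 about to be used as a pointer */
        if (e) {
            ((struct folio_model *)e)->flags |= 1; /* touch the folio */
            touched++;
        }
    }
    return touched;
}

int main(void)
{
    struct folio_model a = {0}, b = {0};
    uintptr_t settled[] = { (uintptr_t)&a, (uintptr_t)&b, 0 };
    uintptr_t seen[]    = { (uintptr_t)&a, XA_RETRY_ENTRY, 0 };
    /* exit 0: unchecked walk trips on 0x402, checked walk reaches both folios */
    return !(walk(seen, settled, 3, false) == -1 && walk(seen, settled, 3, true) == 2);
}
```

When triaging a similar oops, a faulting address whose low two bits are binary 10 and whose value is below a page is a hint that an xarray internal entry was used as a pointer.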
