| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Jun 2023 10:56:39 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: Jeff Mahoney <jeffm@...e.com>, Paul Moore <paul@...l-moore.com>,
syzbot <syzbot+8fb64a61fdd96b50f3b8@...kaller.appspotmail.com>
Cc: hdanton@...a.com, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, reiserfs-devel@...r.kernel.org,
roberto.sassu@...wei.com, syzkaller-bugs@...glegroups.com,
peterz@...radead.org, mingo@...hat.com, will@...nel.org,
Jan Kara <jack@...e.cz>
Subject: Re: [syzbot] [reiserfs?] possible deadlock in open_xa_dir
On Fri, 2023-06-02 at 09:20 +0200, Roberto Sassu wrote:
> On Thu, 2023-06-01 at 17:22 -0400, Jeff Mahoney wrote:
> > On 5/31/23 05:49, Roberto Sassu wrote:
> > > On 5/5/2023 11:36 PM, Paul Moore wrote:
> > > > On Fri, May 5, 2023 at 4:51 PM syzbot
> > > > <syzbot+8fb64a61fdd96b50f3b8@...kaller.appspotmail.com> wrote:
> > > > > syzbot has bisected this issue to:
> > > > >
> > > > > commit d82dcd9e21b77d338dc4875f3d4111f0db314a7c
> > > > > Author: Roberto Sassu <roberto.sassu@...wei.com>
> > > > > Date: Fri Mar 31 12:32:18 2023 +0000
> > > > >
> > > > > reiserfs: Add security prefix to xattr name in
> > > > > reiserfs_security_write()
> > > > >
> > > > > bisection log:
> > > > > https://syzkaller.appspot.com/x/bisect.txt?x=14403182280000
> > > > > start commit: 3c4aa4434377 Merge tag 'ceph-for-6.4-rc1' of
> > > > > https://githu..
> > > > > git tree: upstream
> > > > > final oops:
> > > > > https://syzkaller.appspot.com/x/report.txt?x=16403182280000
> > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=12403182280000
> > > > > kernel config:
> > > > > https://syzkaller.appspot.com/x/.config?x=73a06f6ef2d5b492
> > > > > dashboard link:
> > > > > https://syzkaller.appspot.com/bug?extid=8fb64a61fdd96b50f3b8
> > > > > syz repro:
> > > > > https://syzkaller.appspot.com/x/repro.syz?x=12442414280000
> > > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=176a7318280000
> > > > >
> > > > > Reported-by: syzbot+8fb64a61fdd96b50f3b8@...kaller.appspotmail.com
> > > > > Fixes: d82dcd9e21b7 ("reiserfs: Add security prefix to xattr name in
> > > > > reiserfs_security_write()")
> > > > >
> > > > > For information about bisection process see:
> > > > > https://goo.gl/tpsmEJ#bisection
> > > >
> > > > I don't think Roberto's patch identified above is the actual root
> > > > cause of this problem as reiserfs_xattr_set_handle() is called in
> > > > reiserfs_security_write() both before and after the patch. However,
> > > > due to some bad logic in reiserfs_security_write() which Roberto
> > > > corrected, I'm thinking that it is possible this code is being
> > > > exercised for the first time and syzbot is starting to trigger a
> > > > locking issue in the reiserfs code ... ?
> > >
> > > + Jan, Jeff (which basically restructured the lock)
> > >
> > > + Petr, Ingo, Will
>
> Peter, clearly (sorry!)
>
> > I involve the lockdep experts, to get a bit of help on this.
> >
> > Yep, looks like that's been broken since it was added in 2009. Since
> > there can't be any users of it, it'd make sense to drop the security
> > xattr support from reiserfs entirely.
>
> Thanks, Jeff. Will make a patch to implement your suggestion.
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git next
View attachment "0001-reiserfs-Disable-security-xattr-initialization-since.patch" of type "text/x-patch" (2210 bytes)
Powered by blists - more mailing lists