Date:   Mon, 5 Jun 2023 14:36:04 +0200
From:   Jan Kara <jack@...e.cz>
To:     Roberto Sassu <roberto.sassu@...weicloud.com>
Cc:     Paul Moore <paul@...l-moore.com>,
        linux-security-module@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        reiserfs-devel@...r.kernel.org, roberto.sassu@...wei.com,
        syzkaller-bugs@...glegroups.com,
        syzbot <syzbot+0a684c061589dcc30e51@...kaller.appspotmail.com>,
        Jan Kara <jack@...e.cz>, Jeff Mahoney <jeffm@...e.com>
Subject: Re: [syzbot] [reiserfs?] INFO: task hung in flush_old_commits

On Tue 30-05-23 13:21:47, Jan Kara wrote:
> On Fri 26-05-23 11:45:57, Roberto Sassu wrote:
> > On Wed, 2023-05-24 at 17:57 -0400, Paul Moore wrote:
> > > On Wed, May 24, 2023 at 11:50 AM Roberto Sassu
> > > <roberto.sassu@...weicloud.com> wrote:
> > > > On Wed, 2023-05-24 at 11:11 -0400, Paul Moore wrote:
> > > > > On Wed, May 24, 2023 at 5:59 AM syzbot
> > > > > <syzbot+0a684c061589dcc30e51@...kaller.appspotmail.com> wrote:
> > > > > > syzbot has bisected this issue to:
> > > > > > 
> > > > > > commit d82dcd9e21b77d338dc4875f3d4111f0db314a7c
> > > > > > Author: Roberto Sassu <roberto.sassu@...wei.com>
> > > > > > Date:   Fri Mar 31 12:32:18 2023 +0000
> > > > > > 
> > > > > >     reiserfs: Add security prefix to xattr name in reiserfs_security_write()
> > > > > > 
> > > > > > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11c39639280000
> > > > > > start commit:   421ca22e3138 Merge tag 'nfs-for-6.4-2' of git://git.linux-..
> > > > > > git tree:       upstream
> > > > > > final oops:     https://syzkaller.appspot.com/x/report.txt?x=13c39639280000
> > > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=15c39639280000
> > > > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=7d8067683055e3f5
> > > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=0a684c061589dcc30e51
> > > > > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14312791280000
> > > > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12da8605280000
> > > > > > 
> > > > > > Reported-by: syzbot+0a684c061589dcc30e51@...kaller.appspotmail.com
> > > > > > Fixes: d82dcd9e21b7 ("reiserfs: Add security prefix to xattr name in reiserfs_security_write()")
> > > > > > 
> > > > > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> > > > > 
> > > > > Roberto, I think we need to resolve this somehow.  As I mentioned
> > > > > earlier, I don't believe this to be a fault in your patch, rather that
> > > > > patch simply triggered a situation that had not been present before,
> > > > > likely because the reiserfs code always failed when writing LSM
> > > > > > xattrs.  Regardless, we still need to fix the deadlocks that syzbot
> > > > > has been reporting.
> > > > 
> > > > Hi Paul
> > > > 
> > > > ok, I will try.
> > > 
> > > Thanks Roberto.  If it gets to be too challenging, let us know and we
> > > can look into safely disabling the LSM xattrs for reiserfs, I'll be
> > > shocked if anyone is successfully using LSM xattrs on reiserfs.
> > 
> > Ok, at least I know what happens...
> > 
> > + Jan, Jeff
> > 
> > I'm focusing on this reproducer, which works 100% of the time:
> > 
> > https://syzkaller.appspot.com/text?tag=ReproSyz&x=163079f9280000
> 
> Well, the commit d82dcd9e21b ("reiserfs: Add security prefix to xattr name
> in reiserfs_security_write()") looks obviously broken to me. It does:
> 
> char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
> 
> Which is not how we can initialize strings in C... ;)

I'm growing old or what but indeed string assignment in initializers in C
works fine. It is only the assignment in code that would be problematic.
I'm sorry for the noise.

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR
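
The initializer form discussed in the message above, as an added userspace example that is not part of the original thread or the kernel source: it checks that the array initializer copies the prefix and zero-fills the remainder, then builds a full name with a length check. The constants are local copies of the kernel's values, and `build_security_xattr_name()` and `initializer_zero_fills()` are hypothetical helpers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local copies of the kernel's uapi values so this builds in userspace. */
#define XATTR_NAME_MAX 255
#define XATTR_SECURITY_PREFIX "security."
#define XATTR_SECURITY_PREFIX_LEN (sizeof(XATTR_SECURITY_PREFIX) - 1)

/* Returns 1 if the initializer copied the prefix and zeroed every byte after it. */
int initializer_zero_fills(void)
{
    char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
    size_t i;

    if (memcmp(xattr_name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN))
        return 0;
    for (i = XATTR_SECURITY_PREFIX_LEN; i < sizeof(xattr_name); i++)
        if (xattr_name[i] != '\0')
            return 0;
    return 1;
}

/*
 * Hypothetical helper: writes "security.<suffix>" into out.
 * Returns 0 on success, -1 if the full name would exceed XATTR_NAME_MAX.
 */
int build_security_xattr_name(char out[XATTR_NAME_MAX + 1], const char *suffix)
{
    char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX; /* valid C */
    size_t suffix_len = strlen(suffix);

    /* xattr_name = XATTR_SECURITY_PREFIX;   rejected: arrays are not assignable */
    if (suffix_len > XATTR_NAME_MAX - XATTR_SECURITY_PREFIX_LEN)
        return -1;
    /* The zero fill from the initializer already supplies the terminating NUL. */
    memcpy(xattr_name + XATTR_SECURITY_PREFIX_LEN, suffix, suffix_len);
    memcpy(out, xattr_name, sizeof(xattr_name));
    return 0;
}

int main(void)
{
    char name[XATTR_NAME_MAX + 1];

    printf("zero-filled tail: %d\n", initializer_zero_fills());
    if (build_security_xattr_name(name, "selinux") == 0)
        printf("%s\n", name);
    return 0;
}
```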
