lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2023092111-grill-excusable-f67a@gregkh>
Date:   Thu, 21 Sep 2023 09:13:16 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Kyle Zeng <zengyhkyle@...il.com>
Cc:     Florian Fainelli <f.fainelli@...il.com>,
        Guenter Roeck <linux@...ck-us.net>, stable@...r.kernel.org,
        patches@...ts.linux.dev, linux-kernel@...r.kernel.org,
        torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
        shuah@...nel.org, patches@...nelci.org,
        lkft-triage@...ts.linaro.org, pavel@...x.de, jonathanh@...dia.com,
        sudipm.mukherjee@...il.com, srw@...dewatkins.net, rwarsow@....de,
        conor@...nel.org
Subject: Re: [PATCH 5.10 000/406] 5.10.195-rc1 review

On Wed, Sep 20, 2023 at 12:13:25PM -0700, Kyle Zeng wrote:
> On Wed, Sep 20, 2023 at 10:01:55AM -0700, Florian Fainelli wrote:
> > On 9/20/23 08:18, Guenter Roeck wrote:
> > > On 9/20/23 01:11, Greg Kroah-Hartman wrote:
> > > > On Tue, Sep 19, 2023 at 09:57:25PM -0700, Guenter Roeck wrote:
> > > > > On 9/17/23 12:07, Greg Kroah-Hartman wrote:
> > > > > > This is the start of the stable review cycle for the 5.10.195 release.
> > > > > > There are 406 patches in this series, all will be posted as a response
> > > > > > to this one.  If anyone has any issues with these being applied, please
> > > > > > let me know.
> > > > > > 
> > > > > > Responses should be made by Tue, 19 Sep 2023 19:10:04 +0000.
> > > > > > Anything received after that time might be too late.
> > > > > > 
> > > > > 
> > > > > chromeos-5.10 locks up in configfs_lookup() after the merge of
> > > > > v5.10.195.
> > > > > 
> > > > > I am a bit puzzled because I see
> > > > > 
> > > > > c709c7ca020a configfs: fix a race in configfs_lookup()
> > > > > 
> > > > > in v5.10.195 but not in the list of commits below. I guess I must be
> > > > > missing something.
> > > > 
> > > > It was part of the big patchset, it was posted here:
> > > >     https://lore.kernel.org/r/20230917191101.511939651@linuxfoundation.org
> > > > 
> > > > Not hidden at all :)
> > > > 
> > > > and was submitted here:
> > > >     https://lore.kernel.org/r/ZPOZFHHA0abVmGx+@westworld
> > > > 
> > > > > Either case, the code now looks as follows.
> > > > > 
> > > > > configfs_lookup()
> > > > > {
> > > > >      ...
> > > > >      spin_lock(&configfs_dirent_lock);
> > > > >      ...
> > > > >          err = configfs_attach_attr(sd, dentry);
> > > > >      ...
> > > > >      spin_unlock(&configfs_dirent_lock);
> > > > >      ...
> > > > > }
> > > > > 
> > > > > and
> > > > > 
> > > > > configfs_attach_attr(...)
> > > > > {
> > > > >      ...
> > > > >      spin_lock(&configfs_dirent_lock);
> > > > >      ...
> > > > > }
> > > > > 
> > > > > which unless it is way too late here and I really need to go to sleep
> > > > > just won't work.
> > > > 
> > > > Kyle, you did the backport, any comments?
> > > > 
> > > 
> > > After a good night sleep, the code still looks wrong to me. Reverting
> > > the offending patch in chromeos-5.10 solved the problem there.
> > > That makes me suspect that no one actually tests configfs.
> > 
> > Humm indeed, looking at our testing we don't have our USB devices being
> > tested which would exercise configfs since we switch the USB device between
> > different configurations (mass storage, serial, networking etc.). Let me see
> > about adding that so we get some coverage.
> > -- 
> > Florian
> > 
> 
> Sorry for the wrong patch. My intention was to backport c42dd069be8dfc9b2239a5c89e73bbd08ab35de0
> to v5.10 to avoid a race condition triggered in my test. I tested the
> patch with my PoC program and made sure it won't trigger the crash. But
> I didn't notice that it could hang the kernel.
> I sincerely apologize for the mistake.
> 
> My new proposed patch backports both
> c42dd069be8dfc9b2239a5c89e73bbd08ab35de0 and d07f132a225c013e59aa77f514ad9211ecab82ee.
> I made sure it does not trigger the race condition anymore.
> Can anyone having access to more comprehensive tests please check whether it works?
> 
> Also, I'm not sure whether it is OK or how to backport two patches in
> one patch. Please advise on how to do it properly.

Please backport them both individually, do not merge them together.

I'll go revert the current change now and push out a release with it so
that it fixes users of this kernel tree.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ