lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b560ed9477d9d03f0bf13af2ffddfeebbbf7712b.camel@huaweicloud.com>
Date:   Tue, 07 Nov 2023 12:03:32 +0100
From:   Roberto Sassu <roberto.sassu@...weicloud.com>
To:     Paul Moore <paul@...l-moore.com>,
        syzbot <syzbot+c319bb5b1014113a92cf@...kaller.appspotmail.com>,
        jack@...e.cz, jeffm@...e.com
Cc:     hdanton@...a.com, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, reiserfs-devel@...r.kernel.org,
        roberto.sassu@...wei.com, syzkaller-bugs@...glegroups.com,
        syzkaller@...glegroups.com, linux-security-module@...r.kernel.org
Subject: Re: [syzbot] [reiserfs?] possible deadlock in reiserfs_dirty_inode

On Mon, 2023-11-06 at 17:53 -0500, Paul Moore wrote:
> On Mon, Nov 6, 2023 at 3:34 AM syzbot
> <syzbot+c319bb5b1014113a92cf@...kaller.appspotmail.com> wrote:
> > 
> > syzbot has bisected this issue to:
> > 
> > commit d82dcd9e21b77d338dc4875f3d4111f0db314a7c
> > Author: Roberto Sassu <roberto.sassu@...wei.com>
> > Date:   Fri Mar 31 12:32:18 2023 +0000
> > 
> >     reiserfs: Add security prefix to xattr name in reiserfs_security_write()
> > 
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14d0b787680000
> > start commit:   90b0c2b2edd1 Merge tag 'pinctrl-v6.7-1' of git://git.kerne..
> > git tree:       upstream
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=16d0b787680000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=12d0b787680000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=93ac5233c138249e
> > dashboard link: https://syzkaller.appspot.com/bug?extid=c319bb5b1014113a92cf
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=113f3717680000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=154985ef680000
> > 
> > Reported-by: syzbot+c319bb5b1014113a92cf@...kaller.appspotmail.com
> > Fixes: d82dcd9e21b7 ("reiserfs: Add security prefix to xattr name in reiserfs_security_write()")
> > 
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> 
> Hi Roberto,
> 
> I know you were looking at this over the summer[1], did you ever find
> a resolution to this?  If not, what do you think of just dropping
> security xattr support on reiserfs?  Normally that wouldn't be
> something we could consider, but given the likelihood that this hadn't
> been working in *years* (if ever), and reiserfs is deprecated, I think
> this is a viable option if there isn't an obvious fix.
> 
> [1] https://lore.kernel.org/linux-security-module/CAHC9VhTM0a7jnhxpCyonepcfWbnG-OJbbLpjQi68gL2GVnKSRg@mail.gmail.com/

Hi Paul

at the time, I did some investigation and came with a patch that
(likely) solves some of the problems:

https://lore.kernel.org/linux-fsdevel/4aa799a0b87d4e2ecf3fa74079402074dc42b3c5.camel@huaweicloud.com/#t

I did a more advanced patch (to be validated), trying to fix the root
cause:

https://lore.kernel.org/linux-fsdevel/ffde7908-be73-cc56-2646-72f4f94cb51b@huaweicloud.com/

However, Jeff Mahoney (that did a lot of work in this area) suggested
that maybe we should not try invasive changes, as anyway reiserfs will
be removed from the kernel in 2025.

It wouldn't be a problem to move the first patch forward.

Roberto

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ