lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <672c56fd.050a0220.350062.028a.GAE@google.com>
Date: Wed, 06 Nov 2024 21:58:21 -0800
From: syzbot <syzbot+1fc6f64c40a9d143cfb6@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] Re: [syzbot] [mm?] BUG: stack guard page was hit in v9fs_file_read_iter

For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.

***

Subject: Re: [syzbot] [mm?] BUG: stack guard page was hit in v9fs_file_read_iter
Author: lizhi.xu@...driver.com

add limit to avoid retry too frequently when rreq need to retry

#syz test

diff --git a/fs/netfs/buffered_read.c b/fs/netfs/buffered_read.c
index c40e226053cc..b09a22442de6 100644
--- a/fs/netfs/buffered_read.c
+++ b/fs/netfs/buffered_read.c
@@ -182,6 +182,7 @@ static void netfs_cache_read_terminated(void *priv, ssize_t transferred_or_error
 {
 	struct netfs_io_subrequest *subreq = priv;
 
+	printk("subreq: %p, transfed: %ld, %s\n", priv, transferred_or_error, __func__);
 	if (transferred_or_error < 0) {
 		netfs_read_subreq_terminated(subreq, transferred_or_error, was_async);
 		return;
@@ -295,6 +296,7 @@ static void netfs_read_to_pagecache(struct netfs_io_request *rreq)
 			netfs_stat(&netfs_n_rh_zero);
 			slice = netfs_prepare_read_iterator(subreq);
 			__set_bit(NETFS_SREQ_CLEAR_TAIL, &subreq->flags);
+			printk("1subreq: %p, transfed: %ld, %s\n", subreq, __func__);
 			netfs_read_subreq_terminated(subreq, 0, false);
 			goto done;
 		}
@@ -302,6 +304,7 @@ static void netfs_read_to_pagecache(struct netfs_io_request *rreq)
 		if (source == NETFS_READ_FROM_CACHE) {
 			trace_netfs_sreq(subreq, netfs_sreq_trace_submit);
 			slice = netfs_prepare_read_iterator(subreq);
+			printk("subreq: %p, transfed: %ld, %s\n", subreq, __func__);
 			netfs_read_cache_to_pagecache(rreq, subreq);
 			goto done;
 		}
diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c
index b18c65ba5580..f75429a4e743 100644
--- a/fs/netfs/read_collect.c
+++ b/fs/netfs/read_collect.c
@@ -465,6 +465,7 @@ void netfs_read_subreq_terminated(struct netfs_io_subrequest *subreq,
 				  int error, bool was_async)
 {
 	struct netfs_io_request *rreq = subreq->rreq;
+	static int rtt = 0;
 
 	switch (subreq->source) {
 	case NETFS_READ_FROM_CACHE:
@@ -506,15 +507,24 @@ void netfs_read_subreq_terminated(struct netfs_io_subrequest *subreq,
 	if (!error && subreq->transferred < subreq->len) {
 		if (test_bit(NETFS_SREQ_HIT_EOF, &subreq->flags)) {
 			trace_netfs_sreq(subreq, netfs_sreq_trace_hit_eof);
+			rtt = 0;
 		} else {
 			trace_netfs_sreq(subreq, netfs_sreq_trace_short);
 			if (subreq->transferred > subreq->consumed) {
+				rtt++;
+				if (rtt < 16) {
 				__set_bit(NETFS_SREQ_NEED_RETRY, &subreq->flags);
 				__clear_bit(NETFS_SREQ_NO_PROGRESS, &subreq->flags);
 				set_bit(NETFS_RREQ_NEED_RETRY, &rreq->flags);
+				}
+				printk("1async: %d, r: %p, transed: %lu, sub req length: %lu, retry times: %d, %s\n", was_async, rreq, subreq->transferred, subreq->len, rtt, __func__);
 			} else if (!__test_and_set_bit(NETFS_SREQ_NO_PROGRESS, &subreq->flags)) {
+				rtt++;
+				if (rtt < 16) {
 				__set_bit(NETFS_SREQ_NEED_RETRY, &subreq->flags);
 				set_bit(NETFS_RREQ_NEED_RETRY, &rreq->flags);
+				}
+				printk("async: %d, r: %p, transed: %lu, sub req length: %lu, retry times: %d, %s\n", was_async, rreq, subreq->transferred, subreq->len, rtt, __func__);
 			} else {
 				__set_bit(NETFS_SREQ_FAILED, &subreq->flags);
 				error = -ENODATA;
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index 0b8086f58ad5..d80af1aa74e4 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -714,7 +714,7 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args)
 	mutex_unlock(&virtio_9p_lock);
 
 	if (!found) {
-		pr_err("no channels available for device %s\n", devname);
+		pr_err_ratelimited("no channels available for device %s\n", devname);
 		return ret;
 	}
 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ