Message-ID: <23651194C61FBB9C+e2ddd3f5-f51f-44c0-8800-d2abb08a2447@chenxiaosong.com>
Date: Tue, 10 Jun 2025 16:49:25 +0800
From: ChenXiaoSong <chenxiaosong@...nxiaosong.com>
To: Jeff Layton <jlayton@...nel.org>
Cc: Olga Kornievskaia <okorniev@...hat.com>,
 Li Lingfeng <lilingfeng3@...wei.com>, Dai Ngo <Dai.Ngo@...cle.com>,
 Neil Brown <neilb@...e.de>, Chuck Lever <chuck.lever@...cle.com>,
 Tom Talpey <tom@...pey.com>, linux-nfs@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/5] nfsd: prevent callback tasks running concurrently

On 2025/2/21 00:47, Jeff Layton wrote:
> Most of the nfsd4_run_cb() callers are converted to use this new flag or
> the nfsd4_try_run_cb() wrapper. The main exception is the callback
> channel probe, which has its own synchronization.
> 

Hi Jeff:

We had a null-ptr-deref in nfsd4_probe_callback():

[24225.738349] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
...
[24225.803480] Call trace:
[24225.804639]  __queue_work+0xb4/0x558
[24225.805949]  queue_work_on+0x88/0x90
[24225.807306]  nfsd4_probe_callback+0x4c/0x58 [nfsd]
[24225.808896]  nfsd4_probe_callback_sync+0x20/0x38 [nfsd]
[24225.808909]  nfsd4_init_conn.isra.57+0x8c/0xa8 [nfsd]
[24225.815204]  nfsd4_create_session+0x5b8/0x718 [nfsd]
[24225.817711]  nfsd4_proc_compound+0x4c0/0x710 [nfsd]
[24225.819329]  nfsd_dispatch+0x104/0x248 [nfsd]
[24225.820742]  svc_process_common+0x348/0x808 [sunrpc]
[24225.822294]  svc_process+0xb0/0xc8 [sunrpc]
[24225.823760]  nfsd+0xf0/0x160 [nfsd]
[24225.825006]  kthread+0x134/0x138
[24225.826336]  ret_from_fork+0x10/0x18

Can this patch or patchset fix this issue? Also, I'm having trouble
understanding the commit message "callback channel probe has its own
synchronization"; I'd appreciate it if you could explain in more detail.

Thanks,
ChenXiaoSong.

