Open Source and information security mailing list archives
 
Message-ID: <CAKPOu+-HZQa_p3JUXeQY+KZL1yAFK29A6PD2KartKTT6zA785w@mail.gmail.com>
Date: Fri, 5 Sep 2025 20:35:04 +0200
From: Max Kellermann <max.kellermann@...os.com>
To: Viacheslav Dubeyko <Slava.Dubeyko@....com>
Cc: "stable@...r.kernel.org" <stable@...r.kernel.org>, 
	"ceph-devel@...r.kernel.org" <ceph-devel@...r.kernel.org>, Xiubo Li <xiubli@...hat.com>, 
	Alex Markuze <amarkuze@...hat.com>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "idryomov@...il.com" <idryomov@...il.com>
Subject: Re: [PATCH] fs/ceph/addr: always call ceph_shift_unused_folios_left()

On Fri, Sep 5, 2025 at 7:11 PM Viacheslav Dubeyko <Slava.Dubeyko@....com> wrote:
>
> On Fri, 2025-09-05 at 05:41 +0200, Max Kellermann wrote:
> > Thanks, I'm glad you could verify the bug and my fix. In case this
> > wasn't clear: you saw just a warning, but this is usually a kernel
> > crash due to NULL pointer dereference. If you only got a warning but
> > no crash, it means your test VM does not use transparent huge pages
> > (no huge_zero_folio allocated yet). In a real workload, the kernel
> > would have crashed.
>
> I would like to reproduce the crash. But you've shared only these steps.
> And it looks like it's not the complete recipe. So, something was missing.
> If you could share a more precise explanation of the steps, it would be great.

The email you just cited explains the circumstances that are necessary
for the crash to occur.

Let me repeat it for you: you have to ensure that huge_zero_folio gets
allocated (or else the code that dereferences the NULL pointer and
crashes gets skipped).

Got it now?
