* [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
@ 2008-02-05 5:24 David Chinner
2008-02-06 4:55 ` Christoph Hellwig
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: David Chinner @ 2008-02-05 5:24 UTC (permalink / raw)
To: Sven Geggus; +Cc: xfs, Tobias Ulmer, Andrea Perotti
Sven, Tomas, Andrea:
Can you try the patch attached below to see if it fixes the
xfs_file_readdir() oops you are seeing and let me know if it fixes
the problem?
It looks like we're dereferencing a pointer beyond the end of a buffer
if the buffer is filled exactly. This bug does not crash ia64 (even
with memory poisoning enabled), which is why the targeted corner
case testing I did a while back did not pick this up when fixing a
similar bug a month ago.
Cheers,
Dave.
--
Dave Chinner
Principal Engineer
SGI Australian Software Group
---
Fix yet another corner case oops in xfs_file_readdir().
Signed-off-by: Dave Chinner <dgc@sgi.com>
---
fs/xfs/linux-2.6/xfs_file.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: 2.6.x-xfs-new/fs/xfs/linux-2.6/xfs_file.c
===================================================================
--- 2.6.x-xfs-new.orig/fs/xfs/linux-2.6/xfs_file.c 2008-01-16 16:24:01.000000000 +1100
+++ 2.6.x-xfs-new/fs/xfs/linux-2.6/xfs_file.c 2008-02-05 15:13:17.153110696 +1100
@@ -351,8 +351,8 @@ xfs_file_readdir(
size = buf.used;
de = (struct hack_dirent *)buf.dirent;
- curr_offset = de->offset /* & 0x7fffffff */;
while (size > 0) {
+ curr_offset = de->offset /* & 0x7fffffff */;
if (filldir(dirent, de->name, de->namlen,
curr_offset & 0x7fffffff,
de->ino, de->d_type)) {
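Review bot: the moved `curr_offset = de->offset` directly under `while (size > 0)` needs a comment saying why it has to sit inside the loop: after the final `de = ... + reclen` advance, `de` points just past the used part of the buffer and must not be dereferenced until `size` has been rechecked. Without that, a later cleanup of this loop can easily hoist the load back out. While touching the line, the dead `/* & 0x7fffffff */` could go, since the mask is already applied in the `filldir()` argument two lines down.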
@@ -363,7 +363,6 @@ xfs_file_readdir(
sizeof(u64));
size -= reclen;
de = (struct hack_dirent *)((char *)de + reclen);
- curr_offset = de->offset /* & 0x7fffffff */;
}
}
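Review bot: with the trailing load removed here, `curr_offset` after a normal loop exit holds the offset of the last entry handed to `filldir()` rather than a value read from the record after it. The code following the loop is not part of this diff, so please confirm that whatever consumes `curr_offset` there is fine with that, and spell the case out in the changelog: "Fix yet another corner case oops" does not say that the trigger is a buffer that is filled exactly.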
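The corner case described in the first message, modelled in user space as an added example (not code from the patch or from XFS). Fixed-size records, the `struct rec` layout, `load_offset()` and the `walk_*` names are assumptions, and the out-of-range load is counted rather than performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Simplified fixed-size stand-in for struct hack_dirent (layout is assumed). */
struct rec { uint64_t offset; uint64_t ino; };
#define RECLEN sizeof(struct rec)
static unsigned char sample[4 * RECLEN];  /* constructed: four zeroed records */
static int oob;  /* loads of rec.offset that would fall outside the allocation */

/* Bounds-checked load: records an out-of-range access instead of doing it. */
static uint64_t load_offset(const unsigned char *buf, size_t cap, size_t pos)
{
    uint64_t v;
    if (pos + RECLEN > cap) { oob++; return 0; }
    memcpy(&v, buf + pos + offsetof(struct rec, offset), sizeof v);
    return v;
}

/* Pre-patch loop shape: the next record's offset is loaded at the loop tail. */
int walk_prepatch(const unsigned char *buf, size_t cap, size_t used)
{
    long size = (long)used;
    size_t pos = 0;
    oob = 0;
    uint64_t curr = load_offset(buf, cap, pos);
    while (size > 0) {
        (void)curr;                         /* filldir() would consume curr */
        size -= (long)RECLEN;
        pos += RECLEN;
        curr = load_offset(buf, cap, pos);  /* runs even once size hits 0 */
    }
    return oob;
}

/* Patched loop shape: the load happens only after the size check passes. */
int walk_patched(const unsigned char *buf, size_t cap, size_t used)
{
    long size = (long)used;
    size_t pos = 0;
    oob = 0;
    while (size > 0) {
        (void)load_offset(buf, cap, pos);
        size -= (long)RECLEN;
        pos += RECLEN;
    }
    return oob;
}

int main(void) { return walk_prepatch(sample, sizeof sample, sizeof sample) != 1; }
```

With `used` smaller than `cap` the pre-patch loop only reads stale bytes inside the allocation, which is why the fault needs an exactly filled buffer to show up.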
* Re: [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
2008-02-05 5:24 [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash David Chinner
@ 2008-02-06 4:55 ` Christoph Hellwig
2008-02-06 9:46 ` Tobias Ulmer
` (2 subsequent siblings)
3 siblings, 0 replies; 8+ messages in thread
From: Christoph Hellwig @ 2008-02-06 4:55 UTC (permalink / raw)
To: David Chinner; +Cc: Sven Geggus, xfs, Tobias Ulmer, Andrea Perotti
Looks good to me. Well not really good but like fixing the corner case.
We really need to get rid of this stupid loop. I'll put fixing nfsd
up higher in my todo list.
* Re: [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
2008-02-05 5:24 [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash David Chinner
2008-02-06 4:55 ` Christoph Hellwig
@ 2008-02-06 9:46 ` Tobias Ulmer
2008-02-06 9:59 ` .:deadhead:.
2008-02-09 12:04 ` Sven Geggus
3 siblings, 0 replies; 8+ messages in thread
From: Tobias Ulmer @ 2008-02-06 9:46 UTC (permalink / raw)
To: David Chinner; +Cc: Sven Geggus, xfs, Andrea Perotti
On Tue, Feb 05, 2008 at 04:24:18PM +1100, David Chinner wrote:
> Sven, Tomas, Andrea:
>
> Can you try the patch attached below to see if it fixes the
> xfs_file_readdir() oops you are seeing and let me know if it fixes
> the problem?
Works for me(TM) :)
My testbox survived 24h with this patch, no problems.
Tobias
>
> It looks like we're dereferencing a pointer beyond the end of a buffer
> if the buffer is filled exactly. This bug does not crash ia64 (even
> with memory poisoning enabled), which is why the targeted corner
> case testing I did a while back did not pick this up when fixing a
> similar bug a month ago.
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> Principal Engineer
> SGI Australian Software Group
>
> ---
> Fix yet another corner case oops in xfs_file_readdir().
>
> Signed-off-by: Dave Chinner <dgc@sgi.com>
> ---
> fs/xfs/linux-2.6/xfs_file.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> Index: 2.6.x-xfs-new/fs/xfs/linux-2.6/xfs_file.c
> ===================================================================
> --- 2.6.x-xfs-new.orig/fs/xfs/linux-2.6/xfs_file.c 2008-01-16 16:24:01.000000000 +1100
> +++ 2.6.x-xfs-new/fs/xfs/linux-2.6/xfs_file.c 2008-02-05 15:13:17.153110696 +1100
> @@ -351,8 +351,8 @@ xfs_file_readdir(
>
> size = buf.used;
> de = (struct hack_dirent *)buf.dirent;
> - curr_offset = de->offset /* & 0x7fffffff */;
> while (size > 0) {
> + curr_offset = de->offset /* & 0x7fffffff */;
> if (filldir(dirent, de->name, de->namlen,
> curr_offset & 0x7fffffff,
> de->ino, de->d_type)) {
> @@ -363,7 +363,6 @@ xfs_file_readdir(
> sizeof(u64));
> size -= reclen;
> de = (struct hack_dirent *)((char *)de + reclen);
> - curr_offset = de->offset /* & 0x7fffffff */;
> }
> }
>
* Re: [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
2008-02-05 5:24 [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash David Chinner
2008-02-06 4:55 ` Christoph Hellwig
2008-02-06 9:46 ` Tobias Ulmer
@ 2008-02-06 9:59 ` .:deadhead:.
2008-02-09 12:04 ` Sven Geggus
3 siblings, 0 replies; 8+ messages in thread
From: .:deadhead:. @ 2008-02-06 9:59 UTC (permalink / raw)
To: David Chinner; +Cc: Sven Geggus, xfs, Tobias Ulmer, Andrea Perotti
> Sven, Tomas, Andrea:
>
> Can you try the patch attached below to see if it fixes the
> xfs_file_readdir() oops you are seeing and let me know if it fixes
> the problem?
Works like a charm here :D
Thank you for your fast fix!
cheers
Andrea
* Re: [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
2008-02-05 5:24 [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash David Chinner
` (2 preceding siblings ...)
2008-02-06 9:59 ` .:deadhead:.
@ 2008-02-09 12:04 ` Sven Geggus
2008-02-11 0:17 ` David Chinner
3 siblings, 1 reply; 8+ messages in thread
From: Sven Geggus @ 2008-02-09 12:04 UTC (permalink / raw)
To: David Chinner; +Cc: xfs, Tobias Ulmer, Andrea Perotti
David Chinner wrote on Tuesday, 05 February at 06:24:
> Can you try the patch attached below
Am I correct in the assumption that this did not make it into
2.6.24.1?
Can we reckon that this patch will get included in one of the next
minor releases?
Sven
--
The main thing to note is that when you choose open source you don't
get a Windows operating system.
(from http://www.dell.com/ubuntu)
/me is giggls@ircnet, http://sven.gegg.us/ on the Web
* Re: [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
2008-02-09 12:04 ` Sven Geggus
@ 2008-02-11 0:17 ` David Chinner
2008-02-11 6:35 ` Federico Sevilla III
0 siblings, 1 reply; 8+ messages in thread
From: David Chinner @ 2008-02-11 0:17 UTC (permalink / raw)
To: Sven Geggus; +Cc: David Chinner, xfs, Tobias Ulmer, Andrea Perotti
On Sat, Feb 09, 2008 at 01:04:24PM +0100, Sven Geggus wrote:
> David Chinner wrote on Tuesday, 05 February at 06:24:
>
> > Can you try the patch attached below
>
> Am I correct in the assumption that this did not make it into
> 2.6.24.1?
Right - the fix wasn't in Linus' kernel by the time 2.6.24.1 was
released.
> Can we reckon that this patch will get included in one of the next
> minor releases?
Already queued for 2.6.24.2.
Cheers,
Dave.
--
Dave Chinner
Principal Engineer
SGI Australian Software Group
* Re: [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
2008-02-11 0:17 ` David Chinner
@ 2008-02-11 6:35 ` Federico Sevilla III
2008-02-13 0:46 ` Jason White
0 siblings, 1 reply; 8+ messages in thread
From: Federico Sevilla III @ 2008-02-11 6:35 UTC (permalink / raw)
To: xfs
On Mon, 2008-02-11 at 11:17 +1100, David Chinner wrote:
> > Can we reckon that this patch will get included in one of the next
> > minor releases?
>
> Already queued for 2.6.24.2.
2.6.24.2 has been released to address the vmsplice issue. Unfortunately,
no other changes seem to have been included. Hopefully, the
xfs_file_readdir patch will make it to 2.6.24.3.
--
Federico Sevilla III
F S 3 Consulting Inc.
http://www.fs3.ph
* Re: [PATCH] Possible fix for 2.6.24 xfs_file_readdir crash
2008-02-11 6:35 ` Federico Sevilla III
@ 2008-02-13 0:46 ` Jason White
0 siblings, 0 replies; 8+ messages in thread
From: Jason White @ 2008-02-13 0:46 UTC (permalink / raw)
To: xfs
On Mon, Feb 11, 2008 at 02:35:25PM +0800, Federico Sevilla III wrote:
> 2.6.24.2 has been released to address the vmsplice issue. Unfortunately,
> no other changes seem to have been included. Hopefully, the
> xfs_file_readdir patch will make it to 2.6.24.3.
Which platforms are affected? My machines are x86_64, and I've just upgraded
to avoid the vmsplice exploit.
Of course, I could compile a patched kernel but if this platform isn't
affected then I might as well wait for 2.6.24.3.
I know that's a really lazy kind of question.