From: Richard Weinberger <richard@nod.at>
To: "Toralf Förster" <toralf.foerster@gmx.de>
Cc: UML devel <user-mode-linux-devel@lists.sourceforge.net>,
trinity@vger.kernel.org
Subject: Re: [uml-devel] trinity commit 23dc478aba breaks syscall "mremap" at a 32 bit user mode linux
Date: Fri, 02 May 2014 09:21:09 +0200 [thread overview]
Message-ID: <53634765.6060000@nod.at> (raw)
In-Reply-To: <5362BDD1.9070105@gmx.de>
Am 01.05.2014 23:34, schrieb Toralf Förster:
> On 05/01/2014 10:57 PM, Richard Weinberger wrote:
>> Toralf,
>>
>> Yeah, this is because trinity destroys the UML stub code.
>> Please test the attached patch, it should fix the root cause of the problem.
>>
>> Thanks,
>> //richard
>>
>
> If I do just apply fix2.patch onto latest git tree v3.15-rc3-113-gba6728f then I do get after a while :
>
> * Starting sshd ... [ ok ]
> * Starting local
> net.core.warnings = 0 [ ok ]
> Kernel panic - not syncing: do_syscall_stub : PTRACE_SETREGS failed, errno = 3
>
> CPU: 0 PID: 1728 Comm: trinity-c0 Not tainted 3.15.0-rc3-00113-gba6728f-dirty #5
> Stack:
> BUG: soft lockup - CPU#0 stuck for 22s! [trinity-c0:1728]
>
> EIP: c500:[<47c6cf00>] CPU: 0 Not tainted EFLAGS: 476af700
> Not tainted
> EAX: 47cfc500 EBX: 0a024d00 ECX: 086c75fc EDX: 080fff88
> ESI: 0839f4bc EDI: 47cfc500 EBP: 0839f4bc DS: c500 ES: cd62
> EXT4-fs (ubda): error count: 1
> EXT4-fs (ubda): initial error at 1398962134: ext4_mb_generate_buddy:756
> EXT4-fs (ubda): last error at 1398962134: ext4_mb_generate_buddy:756
Hmm, there is another bug hidden.
/me looks.
>
> which is a big improvement because before it crashes immediately after few seconds.
>
> After applying both fixes the test case runs w/o a crash till now.
It should work without removing the panics().
Otherwise an attacker could do nasty things.
Thanks,
//richard
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
WARNING: multiple messages have this Message-ID (diff)
From: Richard Weinberger <richard@nod.at>
To: "Toralf Förster" <toralf.foerster@gmx.de>
Cc: trinity@vger.kernel.org,
UML devel <user-mode-linux-devel@lists.sourceforge.net>
Subject: Re: [uml-devel] trinity commit 23dc478aba breaks syscall "mremap" at a 32 bit user mode linux
Date: Fri, 02 May 2014 09:21:09 +0200 [thread overview]
Message-ID: <53634765.6060000@nod.at> (raw)
In-Reply-To: <5362BDD1.9070105@gmx.de>
Am 01.05.2014 23:34, schrieb Toralf Förster:
> On 05/01/2014 10:57 PM, Richard Weinberger wrote:
>> Toralf,
>>
>> Yeah, this is because trinity destroys the UML stub code.
>> Please test the attached patch, it should fix the root cause of the problem.
>>
>> Thanks,
>> //richard
>>
>
> If I do just apply fix2.patch onto latest git tree v3.15-rc3-113-gba6728f then I do get after a while :
>
> * Starting sshd ... [ ok ]
> * Starting local
> net.core.warnings = 0 [ ok ]
> Kernel panic - not syncing: do_syscall_stub : PTRACE_SETREGS failed, errno = 3
>
> CPU: 0 PID: 1728 Comm: trinity-c0 Not tainted 3.15.0-rc3-00113-gba6728f-dirty #5
> Stack:
> BUG: soft lockup - CPU#0 stuck for 22s! [trinity-c0:1728]
>
> EIP: c500:[<47c6cf00>] CPU: 0 Not tainted EFLAGS: 476af700
> Not tainted
> EAX: 47cfc500 EBX: 0a024d00 ECX: 086c75fc EDX: 080fff88
> ESI: 0839f4bc EDI: 47cfc500 EBP: 0839f4bc DS: c500 ES: cd62
> EXT4-fs (ubda): error count: 1
> EXT4-fs (ubda): initial error at 1398962134: ext4_mb_generate_buddy:756
> EXT4-fs (ubda): last error at 1398962134: ext4_mb_generate_buddy:756
Hmm, there is another bug hidden.
/me looks.
>
> which is a big improvement because before it crashes immediately after few seconds.
>
> After applying both fixes the test case runs w/o a crash till now.
It should work without removing the panics().
Otherwise an attacker could do nasty things.
Thanks,
//richard
next prev parent reply other threads:[~2014-05-02 7:21 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-30 18:19 [uml-devel] trinity commit 23dc478aba breaks syscall "mremap" at a 32 bit user mode linux Toralf Förster
2014-04-30 18:19 ` Toralf Förster
2014-05-01 9:22 ` [uml-devel] " Richard Weinberger
2014-05-01 9:22 ` Richard Weinberger
2014-05-01 10:29 ` Toralf Förster
2014-05-01 10:29 ` Toralf Förster
2014-05-01 12:33 ` Richard Weinberger
2014-05-01 12:33 ` Richard Weinberger
2014-05-01 15:15 ` Toralf Förster
2014-05-01 15:15 ` Toralf Förster
2014-05-01 20:57 ` Richard Weinberger
2014-05-01 20:57 ` Richard Weinberger
2014-05-01 21:34 ` Toralf Förster
2014-05-01 21:34 ` Toralf Förster
2014-05-02 7:21 ` Richard Weinberger [this message]
2014-05-02 7:21 ` Richard Weinberger
2014-05-02 7:46 ` Richard Weinberger
2014-05-02 7:46 ` Richard Weinberger
2014-05-02 14:07 ` Toralf Förster
2014-05-02 14:07 ` Toralf Förster
2014-05-02 14:14 ` Richard Weinberger
2014-05-02 14:14 ` Richard Weinberger
2014-07-12 17:16 ` Toralf Förster
2014-07-12 18:04 ` Richard Weinberger
2014-05-02 6:43 ` stian
2014-05-02 9:48 ` Richard Weinberger
2014-07-26 20:01 ` Toralf Förster
2014-07-26 20:07 ` Richard Weinberger
2014-07-26 21:21 ` Toralf Förster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53634765.6060000@nod.at \
--to=richard@nod.at \
--cc=toralf.foerster@gmx.de \
--cc=trinity@vger.kernel.org \
--cc=user-mode-linux-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.