* Re: [BUG?]Set XIP mount option on ext2 bypass check.
From: Yan Zheng @ 2007-06-21 1:40 UTC
To: linux-fsdevel, linux-kernel
I mount an ext2 fs, then remount it with the xip option set.
I get the message below when doing a write operation in the fs.
--------
kernel BUG at fs/ext2/xip.c:21!
invalid opcode: 0000 [#1]
SMP
last sysfs file: /class/net/eth0/carrier
Modules linked in: ext2 autofs4 hidp rfcomm l2cap bluetooth sunrpc ipv6 dm_mirror dm_multipath video sbs i2c_ec button dock battery ac lp floppy snd_ens1371 gameport snd_rawmidi snd_ac97_codec pcnet32 ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc mii serio_raw parport_pc parport pcspkr BusLogic i2c_piix4 i2c_core sg ext3 jbd mbcache squashfs dm_snapshot dm_mod loop sd_mod ehci_hcd uhci_hcd ata_piix ata_generic libata sr_mod scsi_mod cdrom
CPU: 0
EIP: 0060:[<d8cba143>] Not tainted VLI
EFLAGS: 00010246 (2.6.21-1.3194.fc7 #1)
EIP is at ext2_clear_xip_target+0x1e/0x47 [ext2]
eax: d887da00 ebx: d310e3c0 ecx: d0648bd4 edx: 00001e01
esi: d0648b4c edi: 00000000 ebp: cc863e44 esp: cc863df8
ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
Process dd (pid: 3231, ti=cc863000 task=cd61b710 task.ti=cc863000)
Stack: 000000d8 ffffff10 00000200 00001e01 d8cb5b5b cc863e44 cc863e8c 00000c9f
cd61b710 00000001 d0648bd4 00000000 cc863e50 00000001 00000001 00000400
cc863e74 cc863e50 c043c220 d0648b4c 00001e01 00000000 00000f8c 00000e34
Call Trace:
[<d8cb5b5b>] ext2_get_block+0x3f4/0x52b [ext2]
[<c043c220>] clockevents_program_event+0xb2/0xb9
[<c04bed36>] avc_has_perm+0x4e/0x58
[<d8cba05d>] ext2_get_xip_page+0x65/0xde [ext2]
[<c0473972>] xip_file_write+0x232/0x38d
[<c0473740>] xip_file_write+0x0/0x38d
[<c0475d33>] vfs_write+0xa8/0x154
[<c0476342>] sys_write+0x41/0x67
[<c0404f70>] syscall_call+0x7/0xb
=======================
Code: 89 0c 24 e8 88 cd ff ff 83 c4 0c 5b c3 57 53 83 ec 08 8b 80 9c 00 00 00 8b
98 98 00 00 00 8b 43 5c 8b 40 34 8b 78 14 85 ff 75 04 <0f> 0b eb fe 8d 44 24 04
31 c9 c1 e2 03 89 04 24 89 d8 ff d7 85
EIP: [<d8cba143>] ext2_clear_xip_target+0x1e/0x47 [ext2] SS:ESP 0068:cc863df8
* Re: [BUG?]Set XIP mount option on ext2 bypass check.
From: Carsten Otte @ 2007-06-21 11:17 UTC
To: Andrew Morton; +Cc: Yan Zheng, linux-fsdevel, linux-kernel
Yan Zheng wrote:
> I mount an ext2 fs, then remount it with the xip option set.
> I get the message below when doing a write operation in the fs.
Ouch. Like on mount, we should refuse -o xip on remount. The patch
below fixes this issue.
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
---
Index: linux-2.6.22-rc4-mm/fs/ext2/super.c
===================================================================
--- linux-2.6.22-rc4-mm.orig/fs/ext2/super.c
+++ linux-2.6.22-rc4-mm/fs/ext2/super.c
@@ -1071,6 +1071,9 @@ static int ext2_remount (struct super_bl
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
((sbi->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0);
+ ext2_xip_verify_sb(sb); /* see if bdev supports xip, unset
+ EXT2_MOUNT_XIP if not */
+
es = sbi->s_es;
if (((sbi->s_mount_opt & EXT2_MOUNT_XIP) !=
(old_mount_opt & EXT2_MOUNT_XIP)) &&
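Review bot: The added ext2_xip_verify_sb(sb) call only covers whether the block device supports xip; nothing in this hunk checks the block size, so a remount with -o xip on a filesystem whose sb->s_blocksize is not PAGE_SIZE still leaves EXT2_MOUNT_XIP set. Suggest adding the block size test directly after the call and failing the remount when it does not hold. Style: the two-line comment trailing the call would read better as a block comment on its own line above it.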
* Re: [BUG?]Set XIP mount option on ext2 bypass check.
From: Carsten Otte @ 2007-06-21 13:17 UTC
To: Andrew Morton; +Cc: Yan Zheng, linux-fsdevel, linux-kernel
This is an updated version of my bugfix patch. Yan Zheng pointed out,
that ext2_remount lacks checking if -o xip should be enabled or not.
This patch checks for presence of direct_access on the backing block
device and if the blocksize meets the requirements.
Andrew, please consider adding this patch to -mm.
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
---
Index: linux-2.6.22-rc4-mm/fs/ext2/super.c
===================================================================
--- linux-2.6.22-rc4-mm.orig/fs/ext2/super.c
+++ linux-2.6.22-rc4-mm/fs/ext2/super.c
@@ -1071,6 +1071,14 @@ static int ext2_remount (struct super_bl
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
((sbi->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0);
+ ext2_xip_verify_sb(sb); /* see if bdev supports xip, unset
+ EXT2_MOUNT_XIP if not */
+
+ if ((ext2_use_xip(sb)) && (sb->s_blocksize != PAGE_SIZE)) {
+ printk("XIP: Unsupported blocksize\n");
+ goto restore_opts;
+ }
+
es = sbi->s_es;
if (((sbi->s_mount_opt & EXT2_MOUNT_XIP) !=
(old_mount_opt & EXT2_MOUNT_XIP)) &&
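Review bot: The new blocksize branch jumps to restore_opts without assigning an error code, so what ext2_remount returns on this path depends on whatever the return variable held before; set it explicitly (for example to -EINVAL) ahead of `goto restore_opts;`. The printk also carries no log level; `printk(KERN_ERR "XIP: Unsupported blocksize\n");` or similar would make the severity explicit. The two failure modes also differ: an unsupported block device clears EXT2_MOUNT_XIP and the remount proceeds, while an unsupported block size rejects the remount; if that is intended, it deserves a line in the changelog.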
* Re: [BUG?]Set XIP mount option on ext2 bypass check.
From: Arnd Bergmann @ 2007-06-21 23:22 UTC
To: Carsten Otte; +Cc: Andrew Morton, Yan Zheng, linux-fsdevel, linux-kernel
On Thursday 21 June 2007, Carsten Otte wrote:
>
> This is an updated version of my bugfix patch. Yan Zheng pointed out,
> that ext2_remount lacks checking if -o xip should be enabled or not.
> This patch checks for presence of direct_access on the backing block
> device and if the blocksize meets the requirements.
> Andrew, please consider adding this patch to -mm.
>
> Signed-off-by: Carsten Otte <cotte@de.ibm.com>
It looks to me like a local denial of service attack in case of
user-mountable ext2 file systems in /etc/fstab.
Shouldn't that make it go into 2.6.22?
Arnd <><
* Re: [BUG?]Set XIP mount option on ext2 bypass check.
From: Satyam Sharma @ 2007-06-22 12:19 UTC
To: Arnd Bergmann
Cc: Carsten Otte, Andrew Morton, Yan Zheng, linux-fsdevel, linux-kernel
Hi,
On 6/22/07, Arnd Bergmann <arnd@arndb.de> wrote:
> On Thursday 21 June 2007, Carsten Otte wrote:
> >
> > This is an updated version of my bugfix patch. Yan Zheng pointed out,
> > that ext2_remount lacks checking if -o xip should be enabled or not.
> > This patch checks for presence of direct_access on the backing block
> > device and if the blocksize meets the requirements.
> > Andrew, please consider adding this patch to -mm.
> >
> > Signed-off-by: Carsten Otte <cotte@de.ibm.com>
>
> It looks to me like a local denial of service attack in case of
> user-mountable ext2 file systems in /etc/fstab.
>
> Shouldn't that make it go into 2.6.22?
I agree. I would go on to suggest that all trivially-triggered oopsen /
panics from userspace (even if they require privileges, such as the
cat /dev/snapshot == oops issue posted last week) in fact ought to
be CVEs, and the corresponding fixes for such issues be considered
as candidates for -stable, if applicable to the current stable kernel.
Satyam