From: Oleksandr Natalenko <oleksandr@natalenko.name>
To: Kees Cook <keescook@chromium.org>
Cc: David Windsor <dave@nullcore.net>,
"James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
linux-scsi@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
Christoph Hellwig <hch@lst.de>, Jens Axboe <axboe@kernel.dk>,
Hannes Reinecke <hare@suse.com>,
Johannes Thumshirn <jthumshirn@suse.de>,
linux-block@vger.kernel.org, paolo.valente@linaro.org,
keescook@google.com
Subject: Re: usercopy whitelist woe in scsi_sense_cache
Date: Tue, 10 Apr 2018 19:16:49 +0200
Message-ID: <d53af006c314eb9d326bfb19b08e189b@natalenko.name>
In-Reply-To: <CAGXu5j+9BJcR63bsqQpqaKrvcgOpWyDzgpD-zRrf1qq7v=Z2CA@mail.gmail.com>

Hi, Kees, Paolo et al.

10.04.2018 08:53, Kees Cook wrote:
> Unfortunately I only had a single hang with no dumps. I haven't been
> able to reproduce it since. :(
For your convenience I've prepared a VM that contains a reproducer.
It consists of 3 disk images (sda.img is for the system, it is
Arch-based, sdb/sdc.img are for RAID). They are available (in a
compressed form) to download here [1].
RAID is built as RAID10 with far2 layout, on top of it there is a LUKS
container (can be opened either with keyfile under the /root or using
"qwerty" password). There's one LVM PV, one VG and one volume on top of
LUKS containing XFS. RAID is automatically assembled during the boot, so
you don't have to worry about it.
I run the VM like this:
$ qemu-system-x86_64 -display gtk,gl=on -machine q35,accel=kvm \
    -cpu host,+vmx -enable-kvm -netdev user,id=user.0 \
    -device virtio-net,netdev=user.0 -usb -device nec-usb-xhci,id=xhci \
    -device usb-tablet,bus=xhci.0 -serial stdio -smp 4 -m 512 \
    -hda sda.img -hdb sdb.img -hdc sdc.img
The system is accessible via both VGA and serial console. The user is
"root", the password is "qwerty".
Under the /root folder there is a reproducer script (reproducer.sh). It
does trivial things like enabling sysrq, opening LUKS device, mounting a
volume, running a background I/O (this is an important part, actually,
since I wasn't able to trigger the issue without the background I/O)
and, finally, running the smartctl in a loop. If you are lucky, within a
minute or two you'll get the first warning followed shortly by
subsequent bugs and I/O stall (htop is pre-installed for your
convenience too).
Notable changes in this VM compared to generic defaults:
1) blk-mq is enabled via kernel cmdline (scsi_mod.use_blk_mq=1 is in
/etc/default/grub)
2) BFQ is set via udev (check /etc/udev/rules.d/10-io-scheduler.rules
file)
Again, I wasn't able to reproduce the usercopy warning/bug and I/O hang
without all these components being involved.
Hope you enjoy it.
P.S. I haven't tested Linus' master branch yet. For now, this VM runs
v4.16 kernel.
Regards,
Oleksandr
[1] https://natalenko.name/myfiles/usercopy_bfq_woe/
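
The message names two settings the issue depended on: blk-mq enabled for SCSI on the kernel command line, and BFQ as the active I/O scheduler. The script below is an added example, not part of the original message or of the VM's reproducer.sh; it checks both on a given disk. Function names and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the two preconditions named in the message.
# Functions take the text to inspect as arguments, so they work on
# captured strings as well as on the live /proc and /sys files.

# Constructed sample inputs (not captured from the VM in the message).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz-linux root=/dev/sda1 rw scsi_mod.use_blk_mq=1'
SAMPLE_SCHED='mq-deadline kyber [bfq] none'

# Print the bracketed (active) entry of a queue/scheduler line,
# e.g. "mq-deadline kyber [bfq] none" -> "bfq". Fails if none is bracketed.
active_scheduler() {
    case "$1" in
        *\[*\]*) s=${1#*\[}; printf '%s\n' "${s%%\]*}" ;;
        *) return 1 ;;
    esac
}

# Succeed if the command line enables blk-mq for SCSI. Parameters are
# applied in order, so a later occurrence overrides an earlier one.
cmdline_enables_scsi_mq() {
    result=1
    set -f                      # no globbing while splitting into words
    for arg in $1; do
        case "$arg" in
            scsi_mod.use_blk_mq=[1yY]) result=0 ;;
            scsi_mod.use_blk_mq=*)     result=1 ;;
        esac
    done
    set +f
    return "$result"
}

# $1 = disk name, $2 = kernel cmdline, $3 = queue/scheduler contents
check_repro_setup() {
    sched=$(active_scheduler "$3") || sched=unknown
    if cmdline_enables_scsi_mq "$2" && [ "$sched" = bfq ]; then
        echo "$1: blk-mq + bfq (matches)"
    else
        echo "$1: scheduler=$sched (does not match)"; return 1
    fi
}

# Live use: pass disk names as arguments, e.g. sda sdb sdc.
for disk in "$@"; do
    check_repro_setup "$disk" "$(cat /proc/cmdline)" \
        "$(cat "/sys/block/$disk/queue/scheduler")" || true
done
```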