Re: Oops in audit_copy_inode
Eric Paris writes: > I believe this was already found and fixed: > > https://lkml.org/lkml/2012/7/25/259 > > Which was pulled by Linus in: > > 3134f37e931d75931bdf6d4eacd82a3fd26eca7c Okay, yes. I was actually CC-d on that, but missed the email. Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Oops in audit_copy_inode
Eric Paris epa...@redhat.com writes: I believe this was already found and fixed: https://lkml.org/lkml/2012/7/25/259 Which was pulled by Linus in: 3134f37e931d75931bdf6d4eacd82a3fd26eca7c Okay, yes. I was actually CC-d on that, but missed the email. Thanks, Miklos -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Oops in audit_copy_inode
I believe this was already found and fixed:
https://lkml.org/lkml/2012/7/25/259
Which was pulled by Linus in:
3134f37e931d75931bdf6d4eacd82a3fd26eca7c
-Eric
On Wed, 2012-08-01 at 18:11 +0200, Miklos Szeredi wrote:
> Hi Peter,
>
> Thanks for the report.
>
> Here's a patch. I haven't tested it but I'm pretty confident that it
> fixes the bug.
>
> Thanks,
> Miklos
>
>
> Subject: vfs: fix audit_inode on negative dentry
> From: Miklos Szeredi
>
> Peter Moody reported an oops in audit_copy_inode() and bisected it to commit
> 7157486541 (vfs: do_last(): common slow lookup).
>
> The problem is that audit_inode() in do_last() is called with a negative
> dentry.
>
> Previously the non-O_CREAT case didn't call audit_inode() here, but now both
> O_CREAT and non-O_CREAT opens are handled by the same code.
>
> I really have no idea why this audit_inode() is needed here at all but am
> afaid
> to remove this for fear of breaking audit somehow. So just fix this case by
> checking for a negative dentry.
>
> Reported-by: Peter Moody
> Signed-off-by: Miklos Szeredi
> CC: sta...@vger.kernel.org
> ---
> fs/namei.c | 10 ++
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> Index: linux-2.6/fs/namei.c
> ===
> --- linux-2.6.orig/fs/namei.c 2012-08-01 17:47:28.0 +0200
> +++ linux-2.6/fs/namei.c 2012-08-01 17:49:26.0 +0200
> @@ -2607,10 +2607,12 @@ static int do_last(struct nameidata *nd,
> goto finish_open_created;
> }
>
> - /*
> - * It already exists.
> - */
> - audit_inode(pathname, path->dentry);
> + if (path->dentry->d_inode) {
> + /*
> + * It already exists.
> + */
> + audit_inode(pathname, path->dentry);
> + }
>
> /*
>* If atomic_open() acquired write access it is dropped now due to
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: Oops in audit_copy_inode
I believe this was already found and fixed:
https://lkml.org/lkml/2012/7/25/259
Which was pulled by Linus in:
3134f37e931d75931bdf6d4eacd82a3fd26eca7c
-Eric
On Wed, 2012-08-01 at 18:11 +0200, Miklos Szeredi wrote:
Hi Peter,
Thanks for the report.
Here's a patch. I haven't tested it but I'm pretty confident that it
fixes the bug.
Thanks,
Miklos
Subject: vfs: fix audit_inode on negative dentry
From: Miklos Szeredi mszer...@suse.cz
Peter Moody reported an oops in audit_copy_inode() and bisected it to commit
7157486541 (vfs: do_last(): common slow lookup).
The problem is that audit_inode() in do_last() is called with a negative
dentry.
Previously the non-O_CREAT case didn't call audit_inode() here, but now both
O_CREAT and non-O_CREAT opens are handled by the same code.
I really have no idea why this audit_inode() is needed here at all but am
afaid
to remove this for fear of breaking audit somehow. So just fix this case by
checking for a negative dentry.
Reported-by: Peter Moody pmo...@google.com
Signed-off-by: Miklos Szeredi mszer...@suse.cz
CC: sta...@vger.kernel.org
---
fs/namei.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c 2012-08-01 17:47:28.0 +0200
+++ linux-2.6/fs/namei.c 2012-08-01 17:49:26.0 +0200
@@ -2607,10 +2607,12 @@ static int do_last(struct nameidata *nd,
goto finish_open_created;
}
- /*
- * It already exists.
- */
- audit_inode(pathname, path-dentry);
+ if (path-dentry-d_inode) {
+ /*
+ * It already exists.
+ */
+ audit_inode(pathname, path-dentry);
+ }
/*
* If atomic_open() acquired write access it is dropped now due to
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: Oops in audit_copy_inode
On Wed, Aug 1, 2012 at 9:11 AM, Miklos Szeredi wrote: > Hi Peter, > > Thanks for the report. > > Here's a patch. I haven't tested it but I'm pretty confident that it > fixes the bug. > > Thanks, > Miklos Ack. I can confirm that I don't Oops with this patch. Thanks! Cheers, peter -- Peter Moody Google Security Engineer pgp:0xC3410038 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Oops in audit_copy_inode
Hi Peter,
Thanks for the report.
Here's a patch. I haven't tested it but I'm pretty confident that it
fixes the bug.
Thanks,
Miklos
Subject: vfs: fix audit_inode on negative dentry
From: Miklos Szeredi
Peter Moody reported an oops in audit_copy_inode() and bisected it to commit
7157486541 (vfs: do_last(): common slow lookup).
The problem is that audit_inode() in do_last() is called with a negative dentry.
Previously the non-O_CREAT case didn't call audit_inode() here, but now both
O_CREAT and non-O_CREAT opens are handled by the same code.
I really have no idea why this audit_inode() is needed here at all but am afaid
to remove this for fear of breaking audit somehow. So just fix this case by
checking for a negative dentry.
Reported-by: Peter Moody
Signed-off-by: Miklos Szeredi
CC: sta...@vger.kernel.org
---
fs/namei.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c 2012-08-01 17:47:28.0 +0200
+++ linux-2.6/fs/namei.c2012-08-01 17:49:26.0 +0200
@@ -2607,10 +2607,12 @@ static int do_last(struct nameidata *nd,
goto finish_open_created;
}
- /*
-* It already exists.
-*/
- audit_inode(pathname, path->dentry);
+ if (path->dentry->d_inode) {
+ /*
+* It already exists.
+*/
+ audit_inode(pathname, path->dentry);
+ }
/*
* If atomic_open() acquired write access it is dropped now due to
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: Oops in audit_copy_inode
This time with a cleaner Oops: Pid: 2643, comm: cc1 Not tainted 3.5.0-rc6-at17+ #33 LENOVO 4291AK7/4291AK7 RIP: 0010:[] [] audit_copy_inode+0x10/0x90 RSP: 0018:8801f88dfc58 EFLAGS: 00010282 RAX: 8801fb32 RBX: 8801f887c508 RCX: c7e8 RDX: RSI: 8801f3f1d970 RDI: 8801f887c508 RBP: 8801f88dfc88 R08: R09: R10: 0001 R11: R12: 8801f3f1d970 R13: 8801f887c4a8 R14: R15: FS: 7fd6b9473700() GS:88021520() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 0040 CR3: 00020f6a3000 CR4: 000407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process cc1 (pid: 2643, threadinfo 8801f88de000, task 8801fb32) Stack: 8161c6fe 8801f887c508 8801f3f1d970 8801f887c4a8 8801f887c508 8801f3f1d970 8801f88dfcf8 810d237c 810d22bb 8801f3f1d970 8801f4575e40 Call Trace: [] ? mutex_unlock+0xe/0x10 [] __audit_inode+0x13c/0x2a0 [] ? __audit_inode+0x7b/0x2a0 [] do_last+0x7ac/0xa90 [] path_openat+0xd9/0x410 [] ? sched_clock_cpu+0xbd/0x110 [] ? native_sched_clock+0x13/0x80 [] ? sched_clock+0x9/0x10 [] do_filp_open+0x42/0xa0 [] ? _raw_spin_unlock+0x2b/0x40 [] ? alloc_fd+0xd2/0x120 [] do_sys_open+0xf8/0x1d0 [] ? __audit_syscall_entry+0xcc/0x310 [] sys_open+0x21/0x30 [] system_call_fastpath+0x16/0x1b Code: 00 00 c7 45 cc 1f 00 00 00 e9 2c ff ff ff 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 53 48 83 ec 20 66 66 66 66 90 <48> 8b 42 40 49 89 f4 48 8d 77 34 48 89 fb 48 89 47 18 48 8b 42 RIP [] audit_copy_inode+0x10/0x90 RSP CR2: 0040 ---[ end trace bcccee9a00e71a3b ]--- On Tue, Jul 31, 2012 at 4:02 PM, Peter Moody wrote: > I seem to have a reliable oops from 3.5.0-rc6 from Linus's tree. I've > bisected it down to, I think, the following commit: > > 7157486541bffc0dfec912e21ae639b029dae3d3 > > The Oops: > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.471368] Pid: 2643, comm: > cc1 Not tainted 3.5.0-rc6-at17+ #33 LENOVO 4291AK7/4291AK7 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.472342] RIP: > 0010:[] [] > audit_copy_inode+0x10/0x90 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.473300] RSP: > 0018:8801f88dfc58 EFLAGS: 00010282 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.474253] RAX: > 8801fb32 RBX: 8801f887c508 RCX: c7e8 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.475210] RDX: > RSI: 8801f3f1d970 RDI: 8801f887c508 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.476172] RBP: > 8801f88dfc88 R08: R09: > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.477138] R10: > 0001 R11: R12: 8801f3f1d970 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.478236] R13: > 8801f887c4a8 R14: R15: > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.479218] FS: > 7fd6b9473700() GS:88021520() > knlGS: > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.480182] CS: 0010 DS: > ES: CR0: 80050033 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.481143] CR2: > 0040 CR3: 00020f6a3000 CR4: 000407e0 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.482142] DR0: > DR1: DR2: > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.483121] DR3: > DR6: 0ff0 DR7: 0400 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.484094] Process cc1 (pid: > 2643, threadinfo 8801f88de000, task 8801fb32) > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.485070] Stack: > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.486030] 8161c6fe > 8801f887c508 8801f3f1d970 8801f887c4a8 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.487011] 8801f887c508 > 8801f3f1d970 8801f88dfcf8 810d237c > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.487995] 810d22bb > 8801f3f1d970 8801f4575e40 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.488981] Call Trace: > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.489957] > [] ? mutex_unlock+0xe/0x10 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.490934] > [] __audit_inode+0x13c/0x2a0 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.491927] > [] ? __audit_inode+0x7b/0x2a0 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.492916] > [] do_last+0x7ac/0xa90 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.493883] > [] path_openat+0xd9/0x410 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.494852] > [] ? sched_clock_cpu+0xbd/0x110 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.495817] > [] ? native_sched_clock+0x13/0x80 > Jul 31 15:32:11 pmoody-x220 kernel: [ 108.496774] > [] ? sched_clock+0x9/0x10 > Jul 31 15:32:11 pmoody-x220 kernel: [
Re: Oops in audit_copy_inode
This time with a cleaner Oops: Pid: 2643, comm: cc1 Not tainted 3.5.0-rc6-at17+ #33 LENOVO 4291AK7/4291AK7 RIP: 0010:[810cec30] [810cec30] audit_copy_inode+0x10/0x90 RSP: 0018:8801f88dfc58 EFLAGS: 00010282 RAX: 8801fb32 RBX: 8801f887c508 RCX: c7e8 RDX: RSI: 8801f3f1d970 RDI: 8801f887c508 RBP: 8801f88dfc88 R08: R09: R10: 0001 R11: R12: 8801f3f1d970 R13: 8801f887c4a8 R14: R15: FS: 7fd6b9473700() GS:88021520() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 0040 CR3: 00020f6a3000 CR4: 000407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process cc1 (pid: 2643, threadinfo 8801f88de000, task 8801fb32) Stack: 8161c6fe 8801f887c508 8801f3f1d970 8801f887c4a8 8801f887c508 8801f3f1d970 8801f88dfcf8 810d237c 810d22bb 8801f3f1d970 8801f4575e40 Call Trace: [8161c6fe] ? mutex_unlock+0xe/0x10 [810d237c] __audit_inode+0x13c/0x2a0 [810d22bb] ? __audit_inode+0x7b/0x2a0 [8117b44c] do_last+0x7ac/0xa90 [8117cad9] path_openat+0xd9/0x410 [81087f2d] ? sched_clock_cpu+0xbd/0x110 [8101a7a3] ? native_sched_clock+0x13/0x80 [8101a819] ? sched_clock+0x9/0x10 [8117cf32] do_filp_open+0x42/0xa0 [8161ed9b] ? _raw_spin_unlock+0x2b/0x40 [8118a2c2] ? alloc_fd+0xd2/0x120 [8116c2f8] do_sys_open+0xf8/0x1d0 [810d1a8c] ? __audit_syscall_entry+0xcc/0x310 [8116c3f1] sys_open+0x21/0x30 [81627529] system_call_fastpath+0x16/0x1b Code: 00 00 c7 45 cc 1f 00 00 00 e9 2c ff ff ff 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 53 48 83 ec 20 66 66 66 66 90 48 8b 42 40 49 89 f4 48 8d 77 34 48 89 fb 48 89 47 18 48 8b 42 RIP [810cec30] audit_copy_inode+0x10/0x90 RSP 8801f88dfc58 CR2: 0040 ---[ end trace bcccee9a00e71a3b ]--- On Tue, Jul 31, 2012 at 4:02 PM, Peter Moody pmo...@google.com wrote: I seem to have a reliable oops from 3.5.0-rc6 from Linus's tree. I've bisected it down to, I think, the following commit: 7157486541bffc0dfec912e21ae639b029dae3d3 The Oops: Jul 31 15:32:11 pmoody-x220 kernel: [ 108.471368] Pid: 2643, comm: cc1 Not tainted 3.5.0-rc6-at17+ #33 LENOVO 4291AK7/4291AK7 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.472342] RIP: 0010:[810cec30] [810cec30] audit_copy_inode+0x10/0x90 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.473300] RSP: 0018:8801f88dfc58 EFLAGS: 00010282 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.474253] RAX: 8801fb32 RBX: 8801f887c508 RCX: c7e8 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.475210] RDX: RSI: 8801f3f1d970 RDI: 8801f887c508 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.476172] RBP: 8801f88dfc88 R08: R09: Jul 31 15:32:11 pmoody-x220 kernel: [ 108.477138] R10: 0001 R11: R12: 8801f3f1d970 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.478236] R13: 8801f887c4a8 R14: R15: Jul 31 15:32:11 pmoody-x220 kernel: [ 108.479218] FS: 7fd6b9473700() GS:88021520() knlGS: Jul 31 15:32:11 pmoody-x220 kernel: [ 108.480182] CS: 0010 DS: ES: CR0: 80050033 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.481143] CR2: 0040 CR3: 00020f6a3000 CR4: 000407e0 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.482142] DR0: DR1: DR2: Jul 31 15:32:11 pmoody-x220 kernel: [ 108.483121] DR3: DR6: 0ff0 DR7: 0400 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.484094] Process cc1 (pid: 2643, threadinfo 8801f88de000, task 8801fb32) Jul 31 15:32:11 pmoody-x220 kernel: [ 108.485070] Stack: Jul 31 15:32:11 pmoody-x220 kernel: [ 108.486030] 8161c6fe 8801f887c508 8801f3f1d970 8801f887c4a8 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.487011] 8801f887c508 8801f3f1d970 8801f88dfcf8 810d237c Jul 31 15:32:11 pmoody-x220 kernel: [ 108.487995] 810d22bb 8801f3f1d970 8801f4575e40 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.488981] Call Trace: Jul 31 15:32:11 pmoody-x220 kernel: [ 108.489957] [8161c6fe] ? mutex_unlock+0xe/0x10 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.490934] [810d237c] __audit_inode+0x13c/0x2a0 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.491927] [810d22bb] ? __audit_inode+0x7b/0x2a0 Jul 31 15:32:11 pmoody-x220 kernel: [ 108.492916] [8117b44c] do_last+0x7ac/0xa90 Jul 31 15:32:11
Re: Oops in audit_copy_inode
Hi Peter,
Thanks for the report.
Here's a patch. I haven't tested it but I'm pretty confident that it
fixes the bug.
Thanks,
Miklos
Subject: vfs: fix audit_inode on negative dentry
From: Miklos Szeredi mszer...@suse.cz
Peter Moody reported an oops in audit_copy_inode() and bisected it to commit
7157486541 (vfs: do_last(): common slow lookup).
The problem is that audit_inode() in do_last() is called with a negative dentry.
Previously the non-O_CREAT case didn't call audit_inode() here, but now both
O_CREAT and non-O_CREAT opens are handled by the same code.
I really have no idea why this audit_inode() is needed here at all but am afaid
to remove this for fear of breaking audit somehow. So just fix this case by
checking for a negative dentry.
Reported-by: Peter Moody pmo...@google.com
Signed-off-by: Miklos Szeredi mszer...@suse.cz
CC: sta...@vger.kernel.org
---
fs/namei.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
Index: linux-2.6/fs/namei.c
===
--- linux-2.6.orig/fs/namei.c 2012-08-01 17:47:28.0 +0200
+++ linux-2.6/fs/namei.c2012-08-01 17:49:26.0 +0200
@@ -2607,10 +2607,12 @@ static int do_last(struct nameidata *nd,
goto finish_open_created;
}
- /*
-* It already exists.
-*/
- audit_inode(pathname, path-dentry);
+ if (path-dentry-d_inode) {
+ /*
+* It already exists.
+*/
+ audit_inode(pathname, path-dentry);
+ }
/*
* If atomic_open() acquired write access it is dropped now due to
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: Oops in audit_copy_inode
On Wed, Aug 1, 2012 at 9:11 AM, Miklos Szeredi mszer...@suse.cz wrote: Hi Peter, Thanks for the report. Here's a patch. I haven't tested it but I'm pretty confident that it fixes the bug. Thanks, Miklos Ack. I can confirm that I don't Oops with this patch. Thanks! Cheers, peter -- Peter Moody Google Security Engineer pgp:0xC3410038 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
