Hi Al,
On Mon, 14 May 2018 05:04:15 +0100 Al Viro wrote:
>
> On Mon, May 14, 2018 at 12:20:16PM +0900, Tetsuo Handa wrote:
>
> > But there remains a refcount bug because deactivate_locked_super() from
> > kernfs_mount_ns() triggers kobj_ns_drop() from sysfs_kill_sb() via
> > sb->kill_sb() when
On Mon, May 14, 2018 at 05:04:15AM +0100, Al Viro wrote:
> diff --git a/fs/sysfs/mount.c b/fs/sysfs/mount.c
> index b428d317ae92..92682fcc41f6 100644
> --- a/fs/sysfs/mount.c
> +++ b/fs/sysfs/mount.c
> @@ -25,7 +25,7 @@ static struct dentry *sysfs_mount(struct file_system_type
> *fs_type,
> {
>
On Mon, May 14, 2018 at 12:20:16PM +0900, Tetsuo Handa wrote:
> But there remains a refcount bug because deactivate_locked_super() from
> kernfs_mount_ns() triggers kobj_ns_drop() from sysfs_kill_sb() via
> sb->kill_sb() when kobj_ns_drop() is always called by sysfs_mount()
> if kernfs_mount_ns()
On Sun, May 13, 2018 at 11:19:46AM +0900, Tetsuo Handa wrote:
> This is what I reported at
> https://groups.google.com/d/msg/syzkaller-bugs/ISOJlV2I2QM/qHslGMi3AwAJ .
>
> We are currently waiting for comments from Al Viro.
1) the damn thing is unusable without javashit. Which gets about
the
On 2018/05/13 2:01, syzbot wrote:
> Call Trace:
> __list_del_entry include/linux/list.h:117 [inline]
> list_del include/linux/list.h:125 [inline]
> kernfs_kill_sb+0xa0/0x350 fs/kernfs/mount.c:361
> sysfs_kill_sb+0x22/0x40 fs/sysfs/mount.c:50
> deactivate_locked_super+0x97/0x100 fs/super.c:316
Hello,
syzbot found the following crash on:
HEAD commit:f0ab773f5c96 Merge branch 'akpm' (patches from Andrew)
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=140ce81780
kernel config: https://syzkaller.appspot.com/x/.config?x=fcce42b221691ff9
On 2018/04/20 11:44, Eric Biggers wrote:
> Fix for the kernfs bug is now queued in vfs/for-linus:
>
> #syz fix: kernfs: deal with early sget() failures
Well, the following patches
rpc_pipefs: deal with early sget() failures
kernfs: deal with early sget() failures
procfs: deal with early
On Fri, Apr 20, 2018 at 09:31:58AM +0200, Michal Hocko wrote:
> On Fri 20-04-18 14:29:39, Tetsuo Handa wrote:
> > Eric Biggers wrote:
> > > But, there is still a related bug: when mounting sysfs, if
> > > register_shrinker()
> > > fails in sget_userns(), then kernfs_kill_sb() gets called, which
On Fri 20-04-18 14:29:39, Tetsuo Handa wrote:
> Eric Biggers wrote:
> > But, there is still a related bug: when mounting sysfs, if
> > register_shrinker()
> > fails in sget_userns(), then kernfs_kill_sb() gets called, which frees the
> > 'struct kernfs_super_info'. But, the 'struct
On Thu, Apr 19, 2018 at 07:44:40PM -0700, Eric Biggers wrote:
> On Mon, Apr 02, 2018 at 03:34:15PM +0100, Al Viro wrote:
> > On Mon, Apr 02, 2018 at 07:40:22PM +0900, Tetsuo Handa wrote:
> >
> > > That commit assumes that calling kill_sb() from deactivate_locked_super(s)
> > > without
On Mon, Apr 02, 2018 at 03:34:15PM +0100, Al Viro wrote:
> On Mon, Apr 02, 2018 at 07:40:22PM +0900, Tetsuo Handa wrote:
>
> > That commit assumes that calling kill_sb() from deactivate_locked_super(s)
> > without corresponding fill_super() is safe. We have so far crashed with
> > rpc_mount() and
On Mon, Apr 02, 2018 at 07:40:22PM +0900, Tetsuo Handa wrote:
> That commit assumes that calling kill_sb() from deactivate_locked_super(s)
> without corresponding fill_super() is safe. We have so far crashed with
> rpc_mount() and kernfs_mount_ns(). Is that really safe?
Consider the case
On 2018/04/02 2:01, syzbot wrote:
> Hello,
>
> syzbot hit the following crash on bpf-next commit
> 7828f20e3779e4e85e55371e0e43f5006a15fb41 (Sat Mar 31 00:17:57 2018 +)
> Merge branch 'bpf-cgroup-bind-connect'
> syzbot dashboard link:
>
Hello,
syzbot hit the following crash on bpf-next commit
7828f20e3779e4e85e55371e0e43f5006a15fb41 (Sat Mar 31 00:17:57 2018 +)
Merge branch 'bpf-cgroup-bind-connect'
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=151de3f2be6b40ac8026
So far this crash happened 3 times on