Re: logfs: kernel NULL dereference

From: "Jörn Engel" <joern@logfs.org>
To: dm-devel@redhat.com
Cc: Witold Baryluk <baryluk@smp.if.uj.edu.pl>,
	Prasad Joshi <prasadjoshi124@gmail.com>,
	Aniket Sane <aniketsane@gmail.com>
Subject: Re: logfs: kernel NULL dereference
Date: Wed, 14 Sep 2011 20:34:29 +0200	[thread overview]
Message-ID: <20110914183429.GE24351@logfs.org> (raw)
In-Reply-To: <20110914182425.GD24351@logfs.org>

Forwarded to dm-devel.  Problem is a NULL pointer dereference in
kcryptd_io_read, which is triggered when mounting logfs.  If someone
with device mapper knowledge could have a look, that would be useful.

On Wed, 14 September 2011 20:24:25 +0200, Jörn Engel wrote:
> 
> Ok, I can reliably reproduce the problem with the following, based on
> your description:
> 
> truncate -s 0 foo
> truncate -s 1G foo
> losetup -v -f foo
> cryptsetup luksFormat /dev/loop0
> cryptsetup luksOpen /dev/loop0 foo
> pvcreate /dev/mapper/foo
> vgcreate our_volume /dev/mapper/foo
> lvcreate -L 128M -n logfstest our_volume
> yes yes | mklogfs /dev/mapper/our_volume-logfstest
> mount /dev/mapper/our_volume-logfstest /mnt/
> 
> It is a bit annoying that cryptsetup cannot easily be scripted.  Oh
> well!  Problem is indeed with the memcpy, except that
> bio_iovec(base_bio) is NULL, not clone->bi_io_vec.  I have added this
> line in a bunch of places to get a better idea.
> 	printk("%p %p %p %s\n", bio, bio->bi_io_vec, bio_iovec(bio), __func__);
> 
> ffff88023424fc18 ffff88023424fca8 ffff88023424fca8 sync_request
> ffff88023424fc18 ffff88023424fca8 ffff88023424fca8 dm_request
> ffff88023424fc18 ffff88023424fca8 ffff88023424fca8 _dm_request
> ffff88023424fc18 ffff88023424fca8 ffff88023424fca8 __split_and_process_bio
> ffff880235a10d40           (null)           (null) __map_bio
> ffff880235a10d40           (null)           (null) dm_request
> ffff880235a10d40           (null)           (null) _dm_request
> ffff880235a10d40           (null)           (null) __split_and_process_bio
> ffff880235368780           (null)           (null) __map_bio
> ffff880235368780           (null)           (null) crypt_map
> ffff880235368780           (null)           (null) kcryptd_io_read
> 
> So __split_and_process_bio creates two new bios, both of which lack a
> bi_io_vec member and one of which gets passed to kcryptd_io_read
> eventually.  Ho hum.
> 
> My understanding of device mapper is not good enough yet to understand
> what is really going on here.
> 
> Jörn
> 
> -- 
> One of my most productive days was throwing away 1000 lines of code.
> -- Ken Thompson.

Jörn

-- 
In America you can have either a flimsy box banged together out of two
by fours and drywall, or a McMansion -- a flimsy box banged together
out of two by fours and drywall, but larger, more dramatic-looking,
and full of expensive fittings.
-- Paul Graham

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel