* kernel BUG at .../fs/ceph/xattr.c:287!
From: CSa @ 2015-05-19 12:39 UTC (permalink / raw)
To: ceph-devel
Hi,
we are encountering a bug in the cephfs client kernel module:
May 18 11:02:04 allegro kernel: [1020094.145209] ------------[ cut here ]------------
May 18 11:02:04 allegro kernel: [1020094.149127] kernel BUG at /build/linux-RGM_Ed/linux-3.16.7-ckt9/fs/ceph/xattr.c:287!
May 18 11:02:04 allegro kernel: [1020094.149127] invalid opcode: 0000 [#1] SMP
[...]
May 18 11:02:04 allegro kernel: [1020094.149127] CPU: 2 PID: 1359 Comm: mv Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt9-3~deb8u1
[...]
(see full log at http://paste.debian.net/180292)
has anybody been hit by this so far?
ciao
Christian
* Re: kernel BUG at .../fs/ceph/xattr.c:287!
From: Alex Elder @ 2015-05-19 12:50 UTC (permalink / raw)
To: CSa, ceph-devel
On 05/19/2015 07:39 AM, CSa wrote:
> Hi,
>
> we are encountering a bug in the cephfs client kernel module:
>
>
> May 18 11:02:04 allegro kernel: [1020094.145209] ------------[ cut here ]------------
> May 18 11:02:04 allegro kernel: [1020094.149127] kernel BUG at /build/linux-RGM_Ed/linux-3.16.7-ckt9/fs/ceph/xattr.c:287!
> May 18 11:02:04 allegro kernel: [1020094.149127] invalid opcode: 0000 [#1] SMP
> [...]
> May 18 11:02:04 allegro kernel: [1020094.149127] CPU: 2 PID: 1359 Comm: mv Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt9-3~deb8u1
> [...]
>
> (see full log at http://paste.debian.net/180292)

Based on a quick look at the code, I think this must be
a use-after-free.

The bug occurs if ceph_vxattrs_name_size() is given a non-NULL
vxattrs pointer that is neither ceph_dir_vxattrs nor ceph_file_vxattrs.
There is only one caller of ceph_vxattrs_name_size(), and it is
passed a value that's a result of a call to ceph_inode_vxattrs().
That function returns only three possible values: ceph_dir_vxattrs,
ceph_file_vxattrs, or NULL.

-Alex

>
> has anybody been hit by this so far?
>
> ciao
> Christian
* Re: kernel BUG at .../fs/ceph/xattr.c:287!
From: Ilya Dryomov @ 2015-05-19 13:10 UTC (permalink / raw)
To: Alex Elder; +Cc: CSa, Ceph Development
On Tue, May 19, 2015 at 3:50 PM, Alex Elder <elder@ieee.org> wrote:
> On 05/19/2015 07:39 AM, CSa wrote:
>> Hi,
>>
>> we are encountering a bug in the cephfs client kernel module:
>>
>>
>> May 18 11:02:04 allegro kernel: [1020094.145209] ------------[ cut here ]------------
>> May 18 11:02:04 allegro kernel: [1020094.149127] kernel BUG at /build/linux-RGM_Ed/linux-3.16.7-ckt9/fs/ceph/xattr.c:287!
>> May 18 11:02:04 allegro kernel: [1020094.149127] invalid opcode: 0000 [#1] SMP
>> [...]
>> May 18 11:02:04 allegro kernel: [1020094.149127] CPU: 2 PID: 1359 Comm: mv Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt9-3~deb8u1
>> [...]
>>
>> (see full log at http://paste.debian.net/180292)
>
> Based on a quick look at the code, I think this must be
> a use-after-free.
>
> The bug occurs if ceph_vxattrs_name_size() is given a non-NULL
> vxattrs pointer that is neither ceph_dir_vxattrs nor ceph_file_vxattrs.
> There is only one caller of ceph_vxattrs_name_size(), and it is
> passed a value that's a result of a call to ceph_inode_vxattrs().
> That function returns only three possible values: ceph_dir_vxattrs,
> ceph_file_vxattrs, or NULL.
Is there a symlink involved by any chance? Probably fixed by
0abb43dcacb5 "ceph: fix llistxattr on symlink" in 3.18.
Thanks,
Ilya
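
Added example, not part of the thread and not kernel source: a user-space C model of the two helpers described above, showing why the symlink question matters for a helper that treats every unexpected pointer as fatal. The tables, the `kind` enum, and the assumptions that NULL is not special-cased and that a symlink maps to NULL are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* User-space model built from the thread's description; not kernel source. */
struct vxattr { const char *name; };
enum kind { KIND_DIR, KIND_REG, KIND_SYMLINK };   /* hypothetical inode types */
enum { SIZE_OK = 0, SIZE_WOULD_BUG = -1 };

/* Constructed tables standing in for ceph_dir_vxattrs / ceph_file_vxattrs. */
static const struct vxattr dir_vxattrs[]  = { {"example.dir.a"}, {"example.dir.bb"}, {NULL} };
static const struct vxattr file_vxattrs[] = { {"example.file.a"}, {NULL} };

/* Three possible results, as in the thread. Assumption: chosen by file type. */
static const struct vxattr *inode_vxattrs(enum kind k)
{
    if (k == KIND_DIR) return dir_vxattrs;
    if (k == KIND_REG) return file_vxattrs;
    return NULL;                       /* everything else, symlinks included */
}

/* Bytes needed to list every name, each with its NUL terminator. */
static size_t table_name_size(const struct vxattr *t)
{
    size_t n = 0;
    for (; t->name; t++) n += strlen(t->name) + 1;
    return n;
}

/* Strict form. Assumption: NULL is not special-cased, so it takes the
 * fatal branch together with any stray pointer. */
static int name_size_strict(const struct vxattr *v, size_t *out)
{
    if (v == dir_vxattrs || v == file_vxattrs) {
        *out = table_name_size(v);
        return SIZE_OK;
    }
    return SIZE_WOULD_BUG;             /* where a kernel helper would BUG() */
}

/* Tolerant form: NULL means "no virtual xattrs" (size 0); only a non-NULL
 * unknown pointer, i.e. real corruption, stays fatal. */
static int name_size_tolerant(const struct vxattr *v, size_t *out)
{
    if (v) return name_size_strict(v, out);
    *out = 0;
    return SIZE_OK;
}

int main(void) { size_t n = 0; return name_size_tolerant(inode_vxattrs(KIND_SYMLINK), &n); }
```

In this model a listing on a symlink reaches the fatal branch of the strict helper without any memory corruption, while the tolerant helper reserves the fatal path for pointers that match neither table and are not NULL.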