From: alexey.kodanev-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org
To: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
Cc: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Dan Carpenter
<dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Subject: the NULL deref on umount in the 3.9.0-rc7 kernel
Date: Thu, 18 Apr 2013 15:37:36 +0400 [thread overview]
Message-ID: <516FDB00.7070605@oracle.com> (raw)
Hi All
I would like to report the NULL deref on umount. Tested it in linux
kernel 3.7.10 and it's still in the 3.9.0-rc7.
/
Test-case description:
Mount cgroup filesystem with xattr option and create inside root cgroup
another hierarchy.
Then set extended attribute to any files within root hierarchy or sub
hierarchie.
Then remove (rmdir) sub hierarchy and call umount cgroup filesystem.
Afterthat, umount crash the kernel.
Also, if you don't remove sub hierarchy (steps 1.4 & 2.9 in examples
below), calling umount will produce nothing except that cgroup
filesystem will be unmounted (no cgroup files in the directory) but with
error: cgroups continue working, while call mount again to get control
access to running cgroups will produce error, such as filesystem is
already mounted, but in /proc/mounts you don't have such mount point.
And there is no way to get control access back to the running cgroups,
except for reboot.
Here are some manual methods which will reproduce Linux crash.
1. One way to reproduce this fault:
1.1% mount -t cgroup cgroot_test -o xattr /sys/fs/cgroup
1.2% mkdir /sys/fs/cgroup/test_subsys
1.3% setfattr -n trusted.value -v test_value /sys/fs/cgroup/tasks
1.4% rmdir /sys/fs/cgroup/test_subsys
1.5% umount cgroot_test
2. Another way:
2.1% mount -t tmpfs cgroup_root /sys/fs/cgroup
2.2% mkdir /sys/fs/cgroup/rg1
2.3% mount -t cgroup -o cpuset,xattr hier1 /sys/fs/cgroup/rg1
2.4% cd /sys/fs/cgroup/rg1
2.5% mkdir test_subsys
2.6% setfattr -n trusted.value -v test_value ./tasks
2.7% setfattr -n trusted.value -v test_value ./test_subsys
2.8% setfattr -n trusted.value -v test_value ./test_subsys/tasks
2.9% rmdir test_subsys
2.10% cd ../
2.11% umount hier1
Thanks,
Alexey Kodanev
/
next reply other threads:[~2013-04-18 11:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-18 11:37 alexey.kodanev-QHcLZuEGTsvQT0dZR+AlfA [this message]
[not found] ` <516FDB00.7070605-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2013-04-19 3:22 ` the NULL deref on umount in the 3.9.0-rc7 kernel Li Zefan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=516FDB00.7070605@oracle.com \
--to=alexey.kodanev-qhclzuegtsvqt0dzr+alfa@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).