* Re: general protection fault in __dentry_path
[not found] ` <0000000000004a10840580ab4277@google.com>
@ 2019-01-30 13:49 ` Tetsuo Handa
0 siblings, 0 replies; 11+ messages in thread
From: Tetsuo Handa @ 2019-01-30 13:49 UTC (permalink / raw)
To: kvm; +Cc: syzbot, syzkaller-bugs, viro
This report should be sent to KVM people.
I guess that a lack of serialization between kvm_create_vm_debugfs() from
kvm_dev_ioctl_create_vm() and kvm_destroy_vm_debugfs() from kvm_destroy_vm()
is causing a race on kvm->debugfs_dentry when kvm_uevent_notify_change()
called dentry_path_raw(kvm->debugfs_dentry).
On 2019/01/30 20:32, syzbot wrote:
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit: 02495e76ded5 Add linux-next specific files for 20190130
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=106161ef400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a2b2e9c0bc43c14d
> dashboard link: https://syzkaller.appspot.com/bug?extid=7857962b4d45e602b8ad
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1182e5b8c00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
>
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 8239 Comm: syz-executor4 Not tainted 5.0.0-rc4-next-20190130 #22
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:__dentry_path+0x2a5/0xaa0 fs/d_path.c:344
> Code: 00 00 e8 1e 9d 9f ff 48 c7 c7 68 26 81 89 e8 72 c4 14 06 e8 0d 9d 9f ff 48 8b 85 00 ff ff ff 48 8d 78 40 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 b0 07 00 00 48 8b 85 00 ff ff ff 4c 8b 68 40
> RSP: 0018:ffff88808ab5f8a8 EFLAGS: 00010207
> RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffffff81e27f21
> RDX: 0000000000000000 RSI: ffffffff81e27c43 RDI: 000000000000002f
> RBP: ffff88808ab5f9d0 R08: ffff88809edd4280 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808ab5f9a8
> R13: 0000000000000000 R14: 0000000000000c78 R15: dffffc0000000000
> FS: 00007f69a6d18700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000000144a008 CR3: 00000000a1190000 CR4: 00000000001426f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> dentry_path_raw+0x26/0x30 fs/d_path.c:371
> kvm_uevent_notify_change.part.0+0x213/0x440 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4050
> kvm_uevent_notify_change arch/x86/kvm/../../../virt/kvm/kvm_main.c:4017 [inline]
> kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3355 [inline]
> kvm_dev_ioctl+0x137a/0x1a60 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3377
> vfs_ioctl fs/ioctl.c:46 [inline]
> file_ioctl fs/ioctl.c:509 [inline]
> do_vfs_ioctl+0x107b/0x17d0 fs/ioctl.c:696
> ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
> __do_sys_ioctl fs/ioctl.c:720 [inline]
> __se_sys_ioctl fs/ioctl.c:718 [inline]
> __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
> do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
> entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x458089
> Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
> RSP: 002b:00007f69a6d17c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458089
> RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006
> RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f69a6d186d4
> R13: 00000000004c0bcf R14: 00000000004d2890 R15: 00000000ffffffff
> Modules linked in:
> ---[ end trace c2b508264c762aae ]---
> RIP: 0010:__dentry_path+0x2a5/0xaa0 fs/d_path.c:344
> Code: 00 00 e8 1e 9d 9f ff 48 c7 c7 68 26 81 89 e8 72 c4 14 06 e8 0d 9d 9f ff 48 8b 85 00 ff ff ff 48 8d 78 40 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 b0 07 00 00 48 8b 85 00 ff ff ff 4c 8b 68 40
> RSP: 0018:ffff88808ab5f8a8 EFLAGS: 00010207
> RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffffff81e27f21
> RDX: 0000000000000000 RSI: ffffffff81e27c43 RDI: 000000000000002f
> RBP: ffff88808ab5f9d0 R08: ffff88809edd4280 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808ab5f9a8
> R13: 0000000000000000 R14: 0000000000000c78 R15: dffffc0000000000
> FS: 00007f69a6d18700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fec12a1fdb8 CR3: 00000000a1190000 CR4: 00000000001426f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: general protection fault in __dentry_path
[not found] <0000000000007e10c50580aa7684@google.com>
[not found] ` <0000000000004a10840580ab4277@google.com>
@ 2019-02-21 4:14 ` syzbot
2019-02-26 19:19 ` Eric Biggers
1 sibling, 1 reply; 11+ messages in thread
From: syzbot @ 2019-02-21 4:14 UTC (permalink / raw)
To: kvm, linux-fsdevel, linux-kernel, penguin-kernel, syzkaller-bugs,
viro
syzbot has found a reproducer for the following crash on:
HEAD commit: 2137397c92ae Merge tag 'sound-5.0' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1270bf78c00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7132344728e7ec3f
dashboard link: https://syzkaller.appspot.com/bug?extid=7857962b4d45e602b8ad
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=150bee14c00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f401d4c00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12576 Comm: syz-executor696 Not tainted 5.0.0-rc7+ #81
kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__dentry_path+0x49e/0x7c0 fs/d_path.c:344
Code: 89 fc 41 83 e4 01 44 89 e6 e8 fe e4 b2 ff 45 84 e4 0f 85 04 02 00 00
e8 b0 e3 b2 ff 48 8b 85 18 ff ff ff 44 89 bd 40 ff ff ff <80> 38 00 0f 85
f9 02 00 00 48 8b 85 38 ff ff ff 41 83 e7 01 44 89
kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
RSP: 0018:ffff888096127c58 EFLAGS: 00010293
RAX: dffffc0000000005 RBX: 0000000000000000 RCX: ffffffff81bcfdc2
RDX: 0000000000000000 RSI: ffffffff81bcfdd0 RDI: 0000000000000001
RBP: ffff888096127d48 R08: ffff88809b17c540 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888096127d20 R14: ffff888092473afe R15: 0000000000014e78
FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7fe4b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000080fb028 CR3: 000000009de68000 CR4: 00000000001426f0
kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
Call Trace:
kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
dentry_path_raw+0x26/0x30 fs/d_path.c:371
kvm_uevent_notify_change.part.0+0x213/0x440
arch/x86/kvm/../../../virt/kvm/kvm_main.c:4051
kvm_uevent_notify_change arch/x86/kvm/../../../virt/kvm/kvm_main.c:4018
[inline]
kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3356
[inline]
kvm_dev_ioctl+0x1132/0x1750 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3378
__do_compat_sys_ioctl fs/compat_ioctl.c:1052 [inline]
__se_compat_sys_ioctl fs/compat_ioctl.c:998 [inline]
__ia32_compat_sys_ioctl+0x197/0x620 fs/compat_ioctl.c:998
do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
do_fast_syscall_32+0x281/0xc98 arch/x86/entry/common.c:397
entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fe8869
Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90
90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90
90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f7fe41fc EFLAGS: 00000293 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ae01
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000003d0f00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 4fe494385b47fe74 ]---
kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
RIP: 0010:__dentry_path+0x49e/0x7c0 fs/d_path.c:344
Code: 89 fc 41 83 e4 01 44 89 e6 e8 fe e4 b2 ff 45 84 e4 0f 85 04 02 00 00
e8 b0 e3 b2 ff 48 8b 85 18 ff ff ff 44 89 bd 40 ff ff ff <80> 38 00 0f 85
f9 02 00 00 48 8b 85 38 ff ff ff 41 83 e7 01 44 89
RSP: 0018:ffff888096127c58 EFLAGS: 00010293
RAX: dffffc0000000005 RBX: 0000000000000000 RCX: ffffffff81bcfdc2
RDX: 0000000000000000 RSI: ffffffff81bcfdd0 RDI: 0000000000000001
RBP: ffff888096127d48 R08: ffff88809b17c540 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888096127d20 R14: ffff888092473afe R15: 0000000000014e78
kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7fe4b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000080fb038 CR3: 000000009de68000 CR4: 00000000001426f0
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: general protection fault in __dentry_path
2019-02-21 4:14 ` syzbot
@ 2019-02-26 19:19 ` Eric Biggers
2019-02-27 8:38 ` Greg Kroah-Hartman
2019-02-28 15:08 ` [PATCH] kvm: properly check debugfs dentry before using it Greg Kroah-Hartman
0 siblings, 2 replies; 11+ messages in thread
From: Eric Biggers @ 2019-02-26 19:19 UTC (permalink / raw)
To: Greg Kroah-Hartman, kvm
Cc: syzbot, linux-fsdevel, linux-kernel, penguin-kernel,
syzkaller-bugs, viro
On Wed, Feb 20, 2019 at 08:14:03PM -0800, syzbot wrote:
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit: 2137397c92ae Merge tag 'sound-5.0' of git://git.kernel.org..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1270bf78c00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=7132344728e7ec3f
> dashboard link: https://syzkaller.appspot.com/bug?extid=7857962b4d45e602b8ad
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> userspace arch: i386
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=150bee14c00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f401d4c00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
>
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 12576 Comm: syz-executor696 Not tainted 5.0.0-rc7+ #81
> kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:__dentry_path+0x49e/0x7c0 fs/d_path.c:344
> Code: 89 fc 41 83 e4 01 44 89 e6 e8 fe e4 b2 ff 45 84 e4 0f 85 04 02 00 00
> e8 b0 e3 b2 ff 48 8b 85 18 ff ff ff 44 89 bd 40 ff ff ff <80> 38 00 0f 85 f9
> 02 00 00 48 8b 85 38 ff ff ff 41 83 e7 01 44 89
> kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path =
> '/devices/virtual/misc/kvm'
> RSP: 0018:ffff888096127c58 EFLAGS: 00010293
> RAX: dffffc0000000005 RBX: 0000000000000000 RCX: ffffffff81bcfdc2
> RDX: 0000000000000000 RSI: ffffffff81bcfdd0 RDI: 0000000000000001
> RBP: ffff888096127d48 R08: ffff88809b17c540 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: ffff888096127d20 R14: ffff888092473afe R15: 0000000000014e78
> FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7fe4b40
> CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
> CR2: 00000000080fb028 CR3: 000000009de68000 CR4: 00000000001426f0
> kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
> Call Trace:
> kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path =
> '/devices/virtual/misc/kvm'
> dentry_path_raw+0x26/0x30 fs/d_path.c:371
> kvm_uevent_notify_change.part.0+0x213/0x440
> arch/x86/kvm/../../../virt/kvm/kvm_main.c:4051
> kvm_uevent_notify_change arch/x86/kvm/../../../virt/kvm/kvm_main.c:4018
> [inline]
> kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3356
> [inline]
> kvm_dev_ioctl+0x1132/0x1750 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3378
> __do_compat_sys_ioctl fs/compat_ioctl.c:1052 [inline]
> __se_compat_sys_ioctl fs/compat_ioctl.c:998 [inline]
> __ia32_compat_sys_ioctl+0x197/0x620 fs/compat_ioctl.c:998
> do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
> do_fast_syscall_32+0x281/0xc98 arch/x86/entry/common.c:397
> entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
> RIP: 0023:0xf7fe8869
> Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90
> 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90
> 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
> RSP: 002b:00000000f7fe41fc EFLAGS: 00000293 ORIG_RAX: 0000000000000036
> RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ae01
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: 00000000003d0f00 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> Modules linked in:
> ---[ end trace 4fe494385b47fe74 ]---
> kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
> RIP: 0010:__dentry_path+0x49e/0x7c0 fs/d_path.c:344
> Code: 89 fc 41 83 e4 01 44 89 e6 e8 fe e4 b2 ff 45 84 e4 0f 85 04 02 00 00
> e8 b0 e3 b2 ff 48 8b 85 18 ff ff ff 44 89 bd 40 ff ff ff <80> 38 00 0f 85 f9
> 02 00 00 48 8b 85 38 ff ff ff 41 83 e7 01 44 89
> RSP: 0018:ffff888096127c58 EFLAGS: 00010293
> RAX: dffffc0000000005 RBX: 0000000000000000 RCX: ffffffff81bcfdc2
> RDX: 0000000000000000 RSI: ffffffff81bcfdd0 RDI: 0000000000000001
> RBP: ffff888096127d48 R08: ffff88809b17c540 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: ffff888096127d20 R14: ffff888092473afe R15: 0000000000014e78
> kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path =
> '/devices/virtual/misc/kvm'
> FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7fe4b40
> CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
> CR2: 00000000080fb038 CR3: 000000009de68000 CR4: 00000000001426f0
>
Hi Greg, this started happening with:
commit ff9fb72bc07705c00795ca48631f7fffe24d2c6b (HEAD)
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed Jan 23 11:28:14 2019 +0100
debugfs: return error values, not NULL
But virt/kvm/kvm_main.c still checks for NULL:
if (kvm->debugfs_dentry) {
char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
if (p) {
tmp = dentry_path_raw(kvm->debugfs_dentry, p, PATH_MAX);
if (!IS_ERR(tmp))
add_uevent_var(env, "STATS_PATH=%s", tmp);
kfree(p);
}
}
... and sometimes kvm->debugfs_dentry = ERR_PTR(-EEXIST).
- Eric
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: general protection fault in __dentry_path
2019-02-26 19:19 ` Eric Biggers
@ 2019-02-27 8:38 ` Greg Kroah-Hartman
2019-02-28 15:08 ` [PATCH] kvm: properly check debugfs dentry before using it Greg Kroah-Hartman
1 sibling, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2019-02-27 8:38 UTC (permalink / raw)
To: Eric Biggers
Cc: kvm, syzbot, linux-fsdevel, linux-kernel, penguin-kernel,
syzkaller-bugs, viro
On Tue, Feb 26, 2019 at 11:19:33AM -0800, Eric Biggers wrote:
> On Wed, Feb 20, 2019 at 08:14:03PM -0800, syzbot wrote:
> > syzbot has found a reproducer for the following crash on:
> >
> > HEAD commit: 2137397c92ae Merge tag 'sound-5.0' of git://git.kernel.org..
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=1270bf78c00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=7132344728e7ec3f
> > dashboard link: https://syzkaller.appspot.com/bug?extid=7857962b4d45e602b8ad
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > userspace arch: i386
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=150bee14c00000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f401d4c00000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
> >
> > kasan: CONFIG_KASAN_INLINE enabled
> > kasan: GPF could be caused by NULL-ptr deref or user memory access
> > general protection fault: 0000 [#1] PREEMPT SMP KASAN
> > CPU: 0 PID: 12576 Comm: syz-executor696 Not tainted 5.0.0-rc7+ #81
> > kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > RIP: 0010:__dentry_path+0x49e/0x7c0 fs/d_path.c:344
> > Code: 89 fc 41 83 e4 01 44 89 e6 e8 fe e4 b2 ff 45 84 e4 0f 85 04 02 00 00
> > e8 b0 e3 b2 ff 48 8b 85 18 ff ff ff 44 89 bd 40 ff ff ff <80> 38 00 0f 85 f9
> > 02 00 00 48 8b 85 38 ff ff ff 41 83 e7 01 44 89
> > kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path =
> > '/devices/virtual/misc/kvm'
> > RSP: 0018:ffff888096127c58 EFLAGS: 00010293
> > RAX: dffffc0000000005 RBX: 0000000000000000 RCX: ffffffff81bcfdc2
> > RDX: 0000000000000000 RSI: ffffffff81bcfdd0 RDI: 0000000000000001
> > RBP: ffff888096127d48 R08: ffff88809b17c540 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> > R13: ffff888096127d20 R14: ffff888092473afe R15: 0000000000014e78
> > FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7fe4b40
> > CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
> > CR2: 00000000080fb028 CR3: 000000009de68000 CR4: 00000000001426f0
> > kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
> > Call Trace:
> > kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path =
> > '/devices/virtual/misc/kvm'
> > dentry_path_raw+0x26/0x30 fs/d_path.c:371
> > kvm_uevent_notify_change.part.0+0x213/0x440
> > arch/x86/kvm/../../../virt/kvm/kvm_main.c:4051
> > kvm_uevent_notify_change arch/x86/kvm/../../../virt/kvm/kvm_main.c:4018
> > [inline]
> > kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3356
> > [inline]
> > kvm_dev_ioctl+0x1132/0x1750 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3378
> > __do_compat_sys_ioctl fs/compat_ioctl.c:1052 [inline]
> > __se_compat_sys_ioctl fs/compat_ioctl.c:998 [inline]
> > __ia32_compat_sys_ioctl+0x197/0x620 fs/compat_ioctl.c:998
> > do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
> > do_fast_syscall_32+0x281/0xc98 arch/x86/entry/common.c:397
> > entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
> > RIP: 0023:0xf7fe8869
> > Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90
> > 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90
> > 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
> > RSP: 002b:00000000f7fe41fc EFLAGS: 00000293 ORIG_RAX: 0000000000000036
> > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ae01
> > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> > RBP: 00000000003d0f00 R08: 0000000000000000 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> > R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> > Modules linked in:
> > ---[ end trace 4fe494385b47fe74 ]---
> > kobject: 'kvm' (00000000985ff3e6): kobject_uevent_env
> > RIP: 0010:__dentry_path+0x49e/0x7c0 fs/d_path.c:344
> > Code: 89 fc 41 83 e4 01 44 89 e6 e8 fe e4 b2 ff 45 84 e4 0f 85 04 02 00 00
> > e8 b0 e3 b2 ff 48 8b 85 18 ff ff ff 44 89 bd 40 ff ff ff <80> 38 00 0f 85 f9
> > 02 00 00 48 8b 85 38 ff ff ff 41 83 e7 01 44 89
> > RSP: 0018:ffff888096127c58 EFLAGS: 00010293
> > RAX: dffffc0000000005 RBX: 0000000000000000 RCX: ffffffff81bcfdc2
> > RDX: 0000000000000000 RSI: ffffffff81bcfdd0 RDI: 0000000000000001
> > RBP: ffff888096127d48 R08: ffff88809b17c540 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> > R13: ffff888096127d20 R14: ffff888092473afe R15: 0000000000014e78
> > kobject: 'kvm' (00000000985ff3e6): fill_kobj_path: path =
> > '/devices/virtual/misc/kvm'
> > FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7fe4b40
> > CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
> > CR2: 00000000080fb038 CR3: 000000009de68000 CR4: 00000000001426f0
> >
>
> Hi Greg, this started happening with:
>
> commit ff9fb72bc07705c00795ca48631f7fffe24d2c6b (HEAD)
> Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Date: Wed Jan 23 11:28:14 2019 +0100
>
> debugfs: return error values, not NULL
>
> But virt/kvm/kvm_main.c still checks for NULL:
>
> if (kvm->debugfs_dentry) {
> char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
>
> if (p) {
> tmp = dentry_path_raw(kvm->debugfs_dentry, p, PATH_MAX);
> if (!IS_ERR(tmp))
> add_uevent_var(env, "STATS_PATH=%s", tmp);
> kfree(p);
> }
> }
>
> ... and sometimes kvm->debugfs_dentry = ERR_PTR(-EEXIST).
Ugh, thanks for the notification. I'll make a fix for this after my
coffee kicks in this morning...
greg k-h
^ permalink raw reply [flat|nested] 11+ messages in thread* [PATCH] kvm: properly check debugfs dentry before using it
2019-02-26 19:19 ` Eric Biggers
2019-02-27 8:38 ` Greg Kroah-Hartman
@ 2019-02-28 15:08 ` Greg Kroah-Hartman
2019-02-28 15:14 ` Paolo Bonzini
1 sibling, 1 reply; 11+ messages in thread
From: Greg Kroah-Hartman @ 2019-02-28 15:08 UTC (permalink / raw)
To: Paolo Bonzini, Radim Krčmář, Eric Biggers
Cc: kvm, syzbot, linux-fsdevel, linux-kernel, penguin-kernel,
syzkaller-bugs, viro
debugfs can now report an error code if something went wrong instead of
just NULL. So if the return value is to be used as a "real" dentry, it
needs to be checked if it is an error before dereferencing it.
This is now happening because of ff9fb72bc077 ("debugfs: return error
values, not NULL"). syzbot has found a way to trigger multiple debugfs
files attempting to be created, which fails, and then the error code
gets passed to dentry_path_raw() which obviously does not like it.
Reported-by: Eric Biggers <ebiggers@kernel.org>
Reported-and-tested-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: kvm@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Paolo, this should be merged into 5.0-final, and if not there, then
5.1-rc1 and then backported to 5.0 through the stable tree. If you
want me to send this to Linus, I will be glad to do so.
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 585845203db8..076bc38963bf 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -4044,7 +4044,7 @@ static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm)
}
add_uevent_var(env, "PID=%d", kvm->userspace_pid);
- if (kvm->debugfs_dentry) {
+ if (!IS_ERR_OR_NULL(kvm->debugfs_dentry)) {
char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
if (p) {
^ permalink raw reply related [flat|nested] 11+ messages in thread* Re: [PATCH] kvm: properly check debugfs dentry before using it
2019-02-28 15:08 ` [PATCH] kvm: properly check debugfs dentry before using it Greg Kroah-Hartman
@ 2019-02-28 15:14 ` Paolo Bonzini
2019-02-28 15:32 ` Greg Kroah-Hartman
0 siblings, 1 reply; 11+ messages in thread
From: Paolo Bonzini @ 2019-02-28 15:14 UTC (permalink / raw)
To: Greg Kroah-Hartman, Radim Krčmář, Eric Biggers
Cc: kvm, syzbot, linux-fsdevel, linux-kernel, penguin-kernel,
syzkaller-bugs, viro
On 28/02/19 16:08, Greg Kroah-Hartman wrote:
> debugfs can now report an error code if something went wrong instead of
> just NULL. So if the return value is to be used as a "real" dentry, it
> needs to be checked if it is an error before dereferencing it.
>
> This is now happening because of ff9fb72bc077 ("debugfs: return error
> values, not NULL"). syzbot has found a way to trigger multiple debugfs
> files attempting to be created, which fails, and then the error code
> gets passed to dentry_path_raw() which obviously does not like it.
>
> Reported-by: Eric Biggers <ebiggers@kernel.org>
> Reported-and-tested-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: "Radim Krčmář" <rkrcmar@redhat.com>
> Cc: kvm@vger.kernel.org
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
>
> Paolo, this should be merged into 5.0-final, and if not there, then
> 5.1-rc1 and then backported to 5.0 through the stable tree. If you
> want me to send this to Linus, I will be glad to do so.
>
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index 585845203db8..076bc38963bf 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -4044,7 +4044,7 @@ static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm)
> }
> add_uevent_var(env, "PID=%d", kvm->userspace_pid);
>
> - if (kvm->debugfs_dentry) {
> + if (!IS_ERR_OR_NULL(kvm->debugfs_dentry)) {
> char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
>
> if (p) {
>
Sure, go ahead.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] kvm: properly check debugfs dentry before using it
2019-02-28 15:14 ` Paolo Bonzini
@ 2019-02-28 15:32 ` Greg Kroah-Hartman
0 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2019-02-28 15:32 UTC (permalink / raw)
To: Paolo Bonzini
Cc: Radim Krčmář, Eric Biggers, kvm, syzbot,
linux-fsdevel, linux-kernel, penguin-kernel, syzkaller-bugs, viro
On Thu, Feb 28, 2019 at 04:14:50PM +0100, Paolo Bonzini wrote:
> On 28/02/19 16:08, Greg Kroah-Hartman wrote:
> > debugfs can now report an error code if something went wrong instead of
> > just NULL. So if the return value is to be used as a "real" dentry, it
> > needs to be checked if it is an error before dereferencing it.
> >
> > This is now happening because of ff9fb72bc077 ("debugfs: return error
> > values, not NULL"). syzbot has found a way to trigger multiple debugfs
> > files attempting to be created, which fails, and then the error code
> > gets passed to dentry_path_raw() which obviously does not like it.
> >
> > Reported-by: Eric Biggers <ebiggers@kernel.org>
> > Reported-and-tested-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Cc: "Radim Krčmář" <rkrcmar@redhat.com>
> > Cc: kvm@vger.kernel.org
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> > ---
> >
> > Paolo, this should be merged into 5.0-final, and if not there, then
> > 5.1-rc1 and then backported to 5.0 through the stable tree. If you
> > want me to send this to Linus, I will be glad to do so.
> >
> >
> > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> > index 585845203db8..076bc38963bf 100644
> > --- a/virt/kvm/kvm_main.c
> > +++ b/virt/kvm/kvm_main.c
> > @@ -4044,7 +4044,7 @@ static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm)
> > }
> > add_uevent_var(env, "PID=%d", kvm->userspace_pid);
> >
> > - if (kvm->debugfs_dentry) {
> > + if (!IS_ERR_OR_NULL(kvm->debugfs_dentry)) {
> > char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
> >
> > if (p) {
> >
>
> Sure, go ahead.
>
> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Wonderful, will do so right now, thanks!
greg k-h
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH] kvm: properly check debugfs dentry before using it
@ 2019-02-28 15:34 Greg Kroah-Hartman
2019-02-28 16:58 ` Linus Torvalds
2019-02-28 17:17 ` Eric Biggers
0 siblings, 2 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2019-02-28 15:34 UTC (permalink / raw)
To: Linus Torvalds
Cc: Paolo Bonzini, Radim Krčmář, Eric Biggers, kvm,
syzbot, linux-fsdevel, linux-kernel, penguin-kernel,
syzkaller-bugs, viro
debugfs can now report an error code if something went wrong instead of
just NULL. So if the return value is to be used as a "real" dentry, it
needs to be checked if it is an error before dereferencing it.
This is now happening because of ff9fb72bc077 ("debugfs: return error
values, not NULL"). syzbot has found a way to trigger multiple debugfs
files attempting to be created, which fails, and then the error code
gets passed to dentry_path_raw() which obviously does not like it.
Reported-by: Eric Biggers <ebiggers@kernel.org>
Reported-and-tested-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: kvm@vger.kernel.org
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Linus, this should go in before 5.0-final is out, as it resolves a
problem found by syzbot. Paolo has given his ack for me to send this
directly to you. If you want this in [GIT PULL] format, I can do that
as well.
virt/kvm/kvm_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -4044,7 +4044,7 @@ static void kvm_uevent_notify_change(uns
}
add_uevent_var(env, "PID=%d", kvm->userspace_pid);
- if (kvm->debugfs_dentry) {
+ if (!IS_ERR_OR_NULL(kvm->debugfs_dentry)) {
char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
if (p) {
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] kvm: properly check debugfs dentry before using it
2019-02-28 15:34 Greg Kroah-Hartman
@ 2019-02-28 16:58 ` Linus Torvalds
2019-02-28 17:17 ` Eric Biggers
1 sibling, 0 replies; 11+ messages in thread
From: Linus Torvalds @ 2019-02-28 16:58 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Paolo Bonzini, Radim Krčmář, Eric Biggers,
KVM list, syzbot, linux-fsdevel, Linux List Kernel Mailing,
Tetsuo Handa, syzkaller-bugs, Al Viro
On Thu, Feb 28, 2019 at 7:34 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> Linus, this should go in before 5.0-final is out, as it resolves a
> problem found by syzbot. Paolo has given his ack for me to send this
> directly to you. If you want this in [GIT PULL] format, I can do that
> as well.
Applied, thanks,
Linus
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] kvm: properly check debugfs dentry before using it
2019-02-28 15:34 Greg Kroah-Hartman
2019-02-28 16:58 ` Linus Torvalds
@ 2019-02-28 17:17 ` Eric Biggers
2019-02-28 18:04 ` Greg Kroah-Hartman
1 sibling, 1 reply; 11+ messages in thread
From: Eric Biggers @ 2019-02-28 17:17 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Linus Torvalds, Paolo Bonzini, Radim Krčmář, kvm,
syzbot, linux-fsdevel, linux-kernel, penguin-kernel,
syzkaller-bugs, viro
On Thu, Feb 28, 2019 at 04:34:37PM +0100, Greg Kroah-Hartman wrote:
> debugfs can now report an error code if something went wrong instead of
> just NULL. So if the return value is to be used as a "real" dentry, it
> needs to be checked if it is an error before dereferencing it.
>
> This is now happening because of ff9fb72bc077 ("debugfs: return error
> values, not NULL"). syzbot has found a way to trigger multiple debugfs
> files attempting to be created, which fails, and then the error code
> gets passed to dentry_path_raw() which obviously does not like it.
>
> Reported-by: Eric Biggers <ebiggers@kernel.org>
> Reported-and-tested-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
> Cc: "Radim Krčmář" <rkrcmar@redhat.com>
> Cc: kvm@vger.kernel.org
> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>
> Linus, this should go in before 5.0-final is out, as it resolves a
> problem found by syzbot. Paolo has given his ack for me to send this
> directly to you. If you want this in [GIT PULL] format, I can do that
> as well.
>
> virt/kvm/kvm_main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -4044,7 +4044,7 @@ static void kvm_uevent_notify_change(uns
> }
> add_uevent_var(env, "PID=%d", kvm->userspace_pid);
>
> - if (kvm->debugfs_dentry) {
> + if (!IS_ERR_OR_NULL(kvm->debugfs_dentry)) {
> char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
>
> if (p) {
So what about the other checks of kvm->debugfs_dentry, in
kvm_destroy_vm_debugfs() and kvm_create_vcpu_debugfs()?
- Eric
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] kvm: properly check debugfs dentry before using it
2019-02-28 17:17 ` Eric Biggers
@ 2019-02-28 18:04 ` Greg Kroah-Hartman
0 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2019-02-28 18:04 UTC (permalink / raw)
To: Eric Biggers
Cc: Linus Torvalds, Paolo Bonzini, Radim Krčmář, kvm,
syzbot, linux-fsdevel, linux-kernel, penguin-kernel,
syzkaller-bugs, viro
On Thu, Feb 28, 2019 at 09:17:28AM -0800, Eric Biggers wrote:
> On Thu, Feb 28, 2019 at 04:34:37PM +0100, Greg Kroah-Hartman wrote:
> > debugfs can now report an error code if something went wrong instead of
> > just NULL. So if the return value is to be used as a "real" dentry, it
> > needs to be checked if it is an error before dereferencing it.
> >
> > This is now happening because of ff9fb72bc077 ("debugfs: return error
> > values, not NULL"). syzbot has found a way to trigger multiple debugfs
> > files attempting to be created, which fails, and then the error code
> > gets passed to dentry_path_raw() which obviously does not like it.
> >
> > Reported-by: Eric Biggers <ebiggers@kernel.org>
> > Reported-and-tested-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com
> > Cc: "Radim Krčmář" <rkrcmar@redhat.com>
> > Cc: kvm@vger.kernel.org
> > Acked-by: Paolo Bonzini <pbonzini@redhat.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> >
> > Linus, this should go in before 5.0-final is out, as it resolves a
> > problem found by syzbot. Paolo has given his ack for me to send this
> > directly to you. If you want this in [GIT PULL] format, I can do that
> > as well.
> >
> > virt/kvm/kvm_main.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > --- a/virt/kvm/kvm_main.c
> > +++ b/virt/kvm/kvm_main.c
> > @@ -4044,7 +4044,7 @@ static void kvm_uevent_notify_change(uns
> > }
> > add_uevent_var(env, "PID=%d", kvm->userspace_pid);
> >
> > - if (kvm->debugfs_dentry) {
> > + if (!IS_ERR_OR_NULL(kvm->debugfs_dentry)) {
> > char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL);
> >
> > if (p) {
>
> So what about the other checks of kvm->debugfs_dentry, in
> kvm_destroy_vm_debugfs() and kvm_create_vcpu_debugfs()?
Those are fine, they do not matter as they are only calling other
debugfs calls which can handle error codes just fine. The only issue is
when you try to use the dentry for something "real" like this that bad
things can happen.
Luckily this was only the case in about 4 places in the kernel, all of
which should be fixed now.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2019-02-28 18:04 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <0000000000007e10c50580aa7684@google.com>
[not found] ` <0000000000004a10840580ab4277@google.com>
2019-01-30 13:49 ` general protection fault in __dentry_path Tetsuo Handa
2019-02-21 4:14 ` syzbot
2019-02-26 19:19 ` Eric Biggers
2019-02-27 8:38 ` Greg Kroah-Hartman
2019-02-28 15:08 ` [PATCH] kvm: properly check debugfs dentry before using it Greg Kroah-Hartman
2019-02-28 15:14 ` Paolo Bonzini
2019-02-28 15:32 ` Greg Kroah-Hartman
2019-02-28 15:34 Greg Kroah-Hartman
2019-02-28 16:58 ` Linus Torvalds
2019-02-28 17:17 ` Eric Biggers
2019-02-28 18:04 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox