From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: Jan Kara <jack@suse.cz>
Cc: Paul Moore <paul@paul-moore.com>,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
reiserfs-devel@vger.kernel.org, roberto.sassu@huawei.com,
syzkaller-bugs@googlegroups.com,
syzbot <syzbot+0a684c061589dcc30e51@syzkaller.appspotmail.com>,
Jeff Mahoney <jeffm@suse.com>
Subject: Re: [syzbot] [reiserfs?] INFO: task hung in flush_old_commits
Date: Mon, 05 Jun 2023 14:42:13 +0200 [thread overview]
Message-ID: <6a9f6314f21c5e4dd2960c12626e14c4ce8c8163.camel@huaweicloud.com> (raw)
In-Reply-To: <20230605123604.7juo5siuooy2dip2@quack3>
On Mon, 2023-06-05 at 14:36 +0200, Jan Kara wrote:
> On Tue 30-05-23 13:21:47, Jan Kara wrote:
> > On Fri 26-05-23 11:45:57, Roberto Sassu wrote:
> > > On Wed, 2023-05-24 at 17:57 -0400, Paul Moore wrote:
> > > > On Wed, May 24, 2023 at 11:50 AM Roberto Sassu
> > > > <roberto.sassu@huaweicloud.com> wrote:
> > > > > On Wed, 2023-05-24 at 11:11 -0400, Paul Moore wrote:
> > > > > > On Wed, May 24, 2023 at 5:59 AM syzbot
> > > > > > <syzbot+0a684c061589dcc30e51@syzkaller.appspotmail.com> wrote:
> > > > > > > syzbot has bisected this issue to:
> > > > > > >
> > > > > > > commit d82dcd9e21b77d338dc4875f3d4111f0db314a7c
> > > > > > > Author: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > > > Date: Fri Mar 31 12:32:18 2023 +0000
> > > > > > >
> > > > > > > reiserfs: Add security prefix to xattr name in reiserfs_security_write()
> > > > > > >
> > > > > > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11c39639280000
> > > > > > > start commit: 421ca22e3138 Merge tag 'nfs-for-6.4-2' of git://git.linux-..
> > > > > > > git tree: upstream
> > > > > > > final oops: https://syzkaller.appspot.com/x/report.txt?x=13c39639280000
> > > > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=15c39639280000
> > > > > > > kernel config: https://syzkaller.appspot.com/x/.config?x=7d8067683055e3f5
> > > > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=0a684c061589dcc30e51
> > > > > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14312791280000
> > > > > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12da8605280000
> > > > > > >
> > > > > > > Reported-by: syzbot+0a684c061589dcc30e51@syzkaller.appspotmail.com
> > > > > > > Fixes: d82dcd9e21b7 ("reiserfs: Add security prefix to xattr name in reiserfs_security_write()")
> > > > > > >
> > > > > > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> > > > > >
> > > > > > Roberto, I think we need to resolve this somehow. As I mentioned
> > > > > > earlier, I don't believe this to be a fault in your patch, rather that
> > > > > > patch simply triggered a situation that had not been present before,
> > > > > > likely because the reiserfs code always failed when writing LSM
> > > > > > xattrs. Regardless, we still need to fix the deadlocks that sysbot
> > > > > > has been reporting.
> > > > >
> > > > > Hi Paul
> > > > >
> > > > > ok, I will try.
> > > >
> > > > Thanks Roberto. If it gets to be too challenging, let us know and we
> > > > can look into safely disabling the LSM xattrs for reiserfs, I'll be
> > > > shocked if anyone is successfully using LSM xattrs on reiserfs.
> > >
> > > Ok, at least I know what happens...
> > >
> > > + Jan, Jeff
> > >
> > > I'm focusing on this reproducer, which works 100% of the times:
> > >
> > > https://syzkaller.appspot.com/text?tag=ReproSyz&x=163079f9280000
> >
> > Well, the commit d82dcd9e21b ("reiserfs: Add security prefix to xattr name
> > in reiserfs_security_write()") looks obviously broken to me. It does:
> >
> > char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
> >
> > Which is not how we can initialize strings in C... ;)
>
> I'm growing old or what but indeed string assignment in initializers in C
> works fine. It is only the assignment in code that would be problematic.
> I'm sorry for the noise.
Cool, thanks!
It seems the difference with just doing memcpy() is that the compiler
fully initializes the array (256 bytes), instead of copying the
required amount.
Roberto
next prev parent reply other threads:[~2023-06-05 12:42 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-23 3:33 [syzbot] [reiserfs?] INFO: task hung in flush_old_commits syzbot
2023-05-24 9:59 ` syzbot
2023-05-24 15:11 ` Paul Moore
2023-05-24 15:50 ` Roberto Sassu
2023-05-24 21:57 ` Paul Moore
2023-05-26 9:45 ` Roberto Sassu
2023-05-30 11:21 ` Jan Kara
2023-05-30 15:44 ` Roberto Sassu
2023-06-05 12:36 ` Jan Kara
2023-06-05 12:42 ` Roberto Sassu [this message]
2024-03-07 9:27 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6a9f6314f21c5e4dd2960c12626e14c4ce8c8163.camel@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=jack@suse.cz \
--cc=jeffm@suse.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=reiserfs-devel@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=syzbot+0a684c061589dcc30e51@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).