From: Jan Kara <jack@suse.cz>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>
Cc: Paul Moore <paul@paul-moore.com>,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
reiserfs-devel@vger.kernel.org, roberto.sassu@huawei.com,
syzkaller-bugs@googlegroups.com,
syzbot <syzbot+0a684c061589dcc30e51@syzkaller.appspotmail.com>,
Jan Kara <jack@suse.cz>, Jeff Mahoney <jeffm@suse.com>
Subject: Re: [syzbot] [reiserfs?] INFO: task hung in flush_old_commits
Date: Mon, 5 Jun 2023 14:36:04 +0200
Message-ID: <20230605123604.7juo5siuooy2dip2@quack3>
In-Reply-To: <20230530112147.spvyjl7b4ss7re47@quack3>

On Tue 30-05-23 13:21:47, Jan Kara wrote:
> On Fri 26-05-23 11:45:57, Roberto Sassu wrote:
> > On Wed, 2023-05-24 at 17:57 -0400, Paul Moore wrote:
> > > On Wed, May 24, 2023 at 11:50 AM Roberto Sassu
> > > <roberto.sassu@huaweicloud.com> wrote:
> > > > On Wed, 2023-05-24 at 11:11 -0400, Paul Moore wrote:
> > > > > On Wed, May 24, 2023 at 5:59 AM syzbot
> > > > > <syzbot+0a684c061589dcc30e51@syzkaller.appspotmail.com> wrote:
> > > > > > syzbot has bisected this issue to:
> > > > > >
> > > > > > commit d82dcd9e21b77d338dc4875f3d4111f0db314a7c
> > > > > > Author: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > > Date: Fri Mar 31 12:32:18 2023 +0000
> > > > > >
> > > > > > reiserfs: Add security prefix to xattr name in reiserfs_security_write()
> > > > > >
> > > > > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11c39639280000
> > > > > > start commit: 421ca22e3138 Merge tag 'nfs-for-6.4-2' of git://git.linux-..
> > > > > > git tree: upstream
> > > > > > final oops: https://syzkaller.appspot.com/x/report.txt?x=13c39639280000
> > > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=15c39639280000
> > > > > > kernel config: https://syzkaller.appspot.com/x/.config?x=7d8067683055e3f5
> > > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=0a684c061589dcc30e51
> > > > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14312791280000
> > > > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12da8605280000
> > > > > >
> > > > > > Reported-by: syzbot+0a684c061589dcc30e51@syzkaller.appspotmail.com
> > > > > > Fixes: d82dcd9e21b7 ("reiserfs: Add security prefix to xattr name in reiserfs_security_write()")
> > > > > >
> > > > > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> > > > >
> > > > > Roberto, I think we need to resolve this somehow. As I mentioned
> > > > > earlier, I don't believe this to be a fault in your patch, rather that
> > > > > patch simply triggered a situation that had not been present before,
> > > > > likely because the reiserfs code always failed when writing LSM
> > > > > xattrs. Regardless, we still need to fix the deadlocks that syzbot
> > > > > has been reporting.
> > > >
> > > > Hi Paul
> > > >
> > > > ok, I will try.
> > >
> > > Thanks Roberto. If it gets to be too challenging, let us know and we
> > > can look into safely disabling the LSM xattrs for reiserfs, I'll be
> > > shocked if anyone is successfully using LSM xattrs on reiserfs.
> >
> > Ok, at least I know what happens...
> >
> > + Jan, Jeff
> >
> > I'm focusing on this reproducer, which works 100% of the times:
> >
> > https://syzkaller.appspot.com/text?tag=ReproSyz&x=163079f9280000
>
> Well, the commit d82dcd9e21b ("reiserfs: Add security prefix to xattr name
> in reiserfs_security_write()") looks obviously broken to me. It does:
>
> char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
>
> Which is not how we can initialize strings in C... ;)

I'm growing old or what but indeed string assignment in initializers in C
works fine. It is only the assignment in code that would be problematic.
I'm sorry for the noise.

								Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
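
The initializer form discussed in the message above, as an added example that is not part of the thread and is not the reiserfs code: a user-space sketch showing that a `char` array initialized from a string literal gets the prefix plus a zero-filled tail, and how a bounded append onto it behaves. `build_security_xattr_name()` and `nonzero_tail_bytes()` are hypothetical helpers; the two constants are redefined locally with the kernel's values.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same values as the kernel headers, redefined for a user-space build. */
#define XATTR_NAME_MAX 255
#define XATTR_SECURITY_PREFIX "security."
#define XATTR_SECURITY_PREFIX_LEN (sizeof(XATTR_SECURITY_PREFIX) - 1)

/* Hypothetical helper: write "security.<suffix>" into out.
 * Returns 0, or -ERANGE if the full name would exceed XATTR_NAME_MAX. */
int build_security_xattr_name(const char *suffix, char out[XATTR_NAME_MAX + 1])
{
    /* Initializer from a string literal: copies the prefix and its NUL,
     * then zero-fills every remaining element of the array. */
    char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
    size_t suffix_len = strlen(suffix);

    /* What does not compile is assignment after the declaration,
     * e.g. "xattr_name = XATTR_SECURITY_PREFIX;" (arrays are not assignable). */
    if (suffix_len > XATTR_NAME_MAX - XATTR_SECURITY_PREFIX_LEN)
        return -ERANGE;

    memcpy(xattr_name + XATTR_SECURITY_PREFIX_LEN, suffix, suffix_len);
    /* No explicit terminator is needed: the tail is already zero. */
    memcpy(out, xattr_name, sizeof(xattr_name));
    return 0;
}

/* Counts non-zero bytes after the prefix in a freshly initialized buffer. */
size_t nonzero_tail_bytes(void)
{
    char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
    size_t i, n = 0;

    for (i = XATTR_SECURITY_PREFIX_LEN; i < sizeof(xattr_name); i++)
        n += xattr_name[i] != 0;
    return n;
}

int main(void)
{
    char out[XATTR_NAME_MAX + 1];

    if (build_security_xattr_name("selinux", out) == 0)
        printf("%s\n", out);
    printf("non-zero tail bytes: %zu\n", nonzero_tail_bytes());
    return 0;
}
```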