* BUG: unable to handle kernel paging request at 0000000100000003 - Oops: 0000 [#1] SMP
@ 2014-02-21 11:40 poma
2014-02-21 13:08 ` Richard Weinberger
0 siblings, 1 reply; 5+ messages in thread
From: poma @ 2014-02-21 11:40 UTC (permalink / raw)
To: Mailing-List fedora-kernel
Cc: Linux Kernel list, Josh Boyer, Justin M. Forbes,
Stanislaw Gruszka
Affected kernels - 3.14.0-0.rc3*:
- 3.14.0-0.rc3.git0.1
http://koji.fedoraproject.org/koji/buildinfo?buildID=498711
- 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1
- 3.14.0-0.rc3.git2.1
http://koji.fedoraproject.org/koji/buildinfo?buildID=499061
- 3.14.0-0.rc3.git5.1
http://koji.fedoraproject.org/koji/buildinfo?buildID=499636
Memtest86+ 4.20 - OK
http://goo.gl/1nm1nV
RHBZ
https://bugzilla.redhat.com/show_bug.cgi?id=1067919
messages-Oops-es-3.14.0-0.rc3
https://bugzilla.redhat.com/attachment.cgi?id=865926
poma
* Re: BUG: unable to handle kernel paging request at 0000000100000003 - Oops: 0000 [#1] SMP
2014-02-21 11:40 BUG: unable to handle kernel paging request at 0000000100000003 - Oops: 0000 [#1] SMP poma
@ 2014-02-21 13:08 ` Richard Weinberger
2014-02-21 15:48 ` Jan Kara
0 siblings, 1 reply; 5+ messages in thread
From: Richard Weinberger @ 2014-02-21 13:08 UTC (permalink / raw)
To: poma
Cc: Mailing-List fedora-kernel, Linux Kernel list, Josh Boyer,
Justin M. Forbes, Stanislaw Gruszka, Jiri Kosina, Dave Jones,
Jan Kara, Christoph Hellwig, eparis, Al Viro, Hugh Dickins,
Andrew Morton, Linus Torvalds
On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima@gmail.com> wrote:
>
> Affected kernels - 3.14.0-0.rc3*:
>
> - 3.14.0-0.rc3.git0.1
> http://koji.fedoraproject.org/koji/buildinfo?buildID=498711
>
> - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1
>
> - 3.14.0-0.rc3.git2.1
> http://koji.fedoraproject.org/koji/buildinfo?buildID=499061
>
> - 3.14.0-0.rc3.git5.1
> http://koji.fedoraproject.org/koji/buildinfo?buildID=499636
>
> Memtest86+ 4.20 - OK
> http://goo.gl/1nm1nV
>
> RHBZ
> https://bugzilla.redhat.com/show_bug.cgi?id=1067919
>
> messages-Oops-es-3.14.0-0.rc3
> https://bugzilla.redhat.com/attachment.cgi?id=865926
Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do
not share events between notification groups)
and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after
free for permission events) introduced this regression.
CC'ing more guys.
--
Thanks,
//richard
* Re: BUG: unable to handle kernel paging request at 0000000100000003 - Oops: 0000 [#1] SMP
2014-02-21 13:08 ` Richard Weinberger
@ 2014-02-21 15:48 ` Jan Kara
2014-03-03 19:13 ` poma
0 siblings, 1 reply; 5+ messages in thread
From: Jan Kara @ 2014-02-21 15:48 UTC (permalink / raw)
To: Richard Weinberger
Cc: poma, Mailing-List fedora-kernel, Linux Kernel list, Josh Boyer,
Justin M. Forbes, Stanislaw Gruszka, Jiri Kosina, Dave Jones,
Jan Kara, Christoph Hellwig, eparis, Al Viro, Hugh Dickins,
Andrew Morton, Linus Torvalds
On Fri 21-02-14 14:08:03, Richard Weinberger wrote:
> On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima@gmail.com> wrote:
> >
> > Affected kernels - 3.14.0-0.rc3*:
> >
> > - 3.14.0-0.rc3.git0.1
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=498711
> >
> > - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1
> >
> > - 3.14.0-0.rc3.git2.1
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=499061
> >
> > - 3.14.0-0.rc3.git5.1
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=499636
> >
> > Memtest86+ 4.20 - OK
> > http://goo.gl/1nm1nV
> >
> > RHBZ
> > https://bugzilla.redhat.com/show_bug.cgi?id=1067919
> >
> > messages-Oops-es-3.14.0-0.rc3
> > https://bugzilla.redhat.com/attachment.cgi?id=865926
>
> Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do
> not share events between notification groups)
> and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after
> free for permission events) introduced this regression.
So the immediate problem seems to be that event->tgid is 0xffffffff
instead of a pointer. I don't see how this could be use after free and we
unconditionally initialize event->tgid to something sensible. Hum, but if
it is an overflow event, we are in trouble since that doesn't have ->tgid
field at all so we read random crap that happens to be beyond the event
structure. Actually there seem to be more problems in the handling of
overflow event so I better add that to my testing (both for fanotify and
inotify). I'll work on the fix. Thanks for the report!
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
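An added illustration of the failure mode described in the message above; it is not code from this thread or from the kernel. The struct layouts, the `EV_Q_OVERFLOW` flag value and the function names are simplified, hypothetical stand-ins, and the checked downcast is one possible guard, not the fix that was merged:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EV_Q_OVERFLOW 0x4000u      /* constructed flag value (assumption) */

struct base_event {                /* generic event: all an overflow event allocates */
    uint32_t mask;
    void *inode;
};

struct fan_event {                 /* backend event: embeds the base, appends tgid */
    struct base_event fse;
    void *tgid;
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Would reading ->tgid through the downcast stay inside alloc_size bytes? */
int tgid_read_in_bounds(size_t alloc_size)
{
    return offsetof(struct fan_event, tgid) + sizeof(void *) <= alloc_size;
}

/* Checked downcast: an overflow event is only a base_event, so refuse it. */
struct fan_event *to_fan_event(struct base_event *ev)
{
    if (ev->mask & EV_Q_OVERFLOW)
        return NULL;
    return container_of(ev, struct fan_event, fse);
}

/* Returns the tgid pointer, or NULL when the event has no such field. */
void *event_tgid(struct base_event *ev)
{
    struct fan_event *fe = to_fan_event(ev);
    return fe ? fe->tgid : NULL;
}

int main(void)
{
    int marker = 7;                                   /* constructed sample data */
    struct fan_event full = { { 0x1u, NULL }, &marker };
    struct base_event overflow = { EV_Q_OVERFLOW, NULL };

    printf("tgid read fits in base_event: %d\n",
           tgid_read_in_bounds(sizeof(struct base_event)));
    printf("normal event tgid ok: %d\n", event_tgid(&full.fse) == &marker);
    printf("overflow event tgid: %p\n", event_tgid(&overflow));
    return 0;
}
```

Without the mask check, the downcast on the overflow event yields a pointer whose `tgid` field lies past the end of the allocation, which is the out-of-bounds read the message describes.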
* Re: BUG: unable to handle kernel paging request at 0000000100000003 - Oops: 0000 [#1] SMP
2014-02-21 15:48 ` Jan Kara
@ 2014-03-03 19:13 ` poma
2014-03-03 20:17 ` Jan Kara
0 siblings, 1 reply; 5+ messages in thread
From: poma @ 2014-03-03 19:13 UTC (permalink / raw)
To: Jan Kara, Richard Weinberger
Cc: Mailing-List fedora-kernel, Linux Kernel list, Josh Boyer,
Justin M. Forbes, Stanislaw Gruszka, Jiri Kosina, Dave Jones,
Christoph Hellwig, eparis, Al Viro, Hugh Dickins, Andrew Morton,
Linus Torvalds
On 21.02.2014 16:48, Jan Kara wrote:
> On Fri 21-02-14 14:08:03, Richard Weinberger wrote:
>> On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima@gmail.com> wrote:
>>>
>>> Affected kernels - 3.14.0-0.rc3*:
>>>
>>> - 3.14.0-0.rc3.git0.1
>>> http://koji.fedoraproject.org/koji/buildinfo?buildID=498711
>>>
>>> - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1
>>>
>>> - 3.14.0-0.rc3.git2.1
>>> http://koji.fedoraproject.org/koji/buildinfo?buildID=499061
>>>
>>> - 3.14.0-0.rc3.git5.1
>>> http://koji.fedoraproject.org/koji/buildinfo?buildID=499636
>>>
>>> Memtest86+ 4.20 - OK
>>> http://goo.gl/1nm1nV
>>>
>>> RHBZ
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1067919
>>>
>>> messages-Oops-es-3.14.0-0.rc3
>>> https://bugzilla.redhat.com/attachment.cgi?id=865926
>>
>> Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do
>> not share events between notification groups)
>> and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after
>> free for permission events) introduced this regression.
> So the immediate problem seems to be that event->tgid is 0xffffffff
> instead of a pointer. I don't see how this could be use after free and we
> unconditionally initialize event->tgid to something sensible. Hum, but if
> it is an overflow event, we are in trouble since that doesn't have ->tgid
> field at all so we read random crap that happens to be beyond the event
> structure. Actually there seem to be more problems in the handling of
> overflow event so I better add that to my testing (both for fanotify and
> inotify). I'll work on the fix. Thanks for the report!
>
> Honza
>
The test was successfully completed with the '3.14-rc5'.
Thanks guys, Jan for the patchwork!
poma
* Re: BUG: unable to handle kernel paging request at 0000000100000003 - Oops: 0000 [#1] SMP
2014-03-03 19:13 ` poma
@ 2014-03-03 20:17 ` Jan Kara
0 siblings, 0 replies; 5+ messages in thread
From: Jan Kara @ 2014-03-03 20:17 UTC (permalink / raw)
To: poma
Cc: Jan Kara, Richard Weinberger, Mailing-List fedora-kernel,
Linux Kernel list, Josh Boyer, Justin M. Forbes,
Stanislaw Gruszka, Jiri Kosina, Dave Jones, Christoph Hellwig,
eparis, Al Viro, Hugh Dickins, Andrew Morton, Linus Torvalds
On Mon 03-03-14 20:13:00, poma wrote:
> On 21.02.2014 16:48, Jan Kara wrote:
> > On Fri 21-02-14 14:08:03, Richard Weinberger wrote:
> >> On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima@gmail.com> wrote:
> >>>
> >>> Affected kernels - 3.14.0-0.rc3*:
> >>>
> >>> - 3.14.0-0.rc3.git0.1
> >>> http://koji.fedoraproject.org/koji/buildinfo?buildID=498711
> >>>
> >>> - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1
> >>>
> >>> - 3.14.0-0.rc3.git2.1
> >>> http://koji.fedoraproject.org/koji/buildinfo?buildID=499061
> >>>
> >>> - 3.14.0-0.rc3.git5.1
> >>> http://koji.fedoraproject.org/koji/buildinfo?buildID=499636
> >>>
> >>> Memtest86+ 4.20 - OK
> >>> http://goo.gl/1nm1nV
> >>>
> >>> RHBZ
> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1067919
> >>>
> >>> messages-Oops-es-3.14.0-0.rc3
> >>> https://bugzilla.redhat.com/attachment.cgi?id=865926
> >>
> >> Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do
> >> not share events between notification groups)
> >> and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after
> >> free for permission events) introduced this regression.
> > So the immediate problem seems to be that event->tgid is 0xffffffff
> > instead of a pointer. I don't see how this could be use after free and we
> > unconditionally initialize event->tgid to something sensible. Hum, but if
> > it is an overflow event, we are in trouble since that doesn't have ->tgid
> > field at all so we read random crap that happens to be beyond the event
> > structure. Actually there seem to be more problems in the handling of
> > overflow event so I better add that to my testing (both for fanotify and
> > inotify). I'll work on the fix. Thanks for the report!
> >
> > Honza
> >
>
> The test was successfully completed with the '3.14-rc5'.
> Thanks guys, Jan for the patchwork!
Thanks for testing and letting me know!
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR