Re: [PATCH 0/11] more compounding

Ronnie Sahlberg <lsahlber@xxxxxxxxxx> writes:
> Here is an updated version to test with.
> It fixes an issue with RMDIR and smb3 encryption.
> It also contains a temporary hack in the last patch to prevent
> dequeue_mid() from crashing with a corrupted mid list.
> That patch is only here until we understand that issue better and just
> so we can play with the rest of the compounding improvements.

Ran xfstests again. It goes further along but still does a null ptr
deref while running generic/339:

| ==================================================================
| BUG: KASAN: null-ptr-deref in _raw_spin_lock_irqsave+0x17/0x40
| Write of size 4 at addr 0000000000000000 by task cifsd/19622
| 
| CPU: 0 PID: 19622 Comm: cifsd Not tainted 4.18.0+ #18
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
| Call Trace:
|  dump_stack+0x5b/0x8b
|  kasan_report+0x253/0x2a0
|  ? _raw_spin_lock_irqsave+0x17/0x40
|  _raw_spin_lock_irqsave+0x17/0x40
|  remove_wait_queue+0x12/0x50
|  sk_wait_data+0xf6/0x110
|  ? autoremove_wake_function+0x30/0x30
|  tcp_recvmsg+0x434/0xb00
|  ? __update_load_avg_cfs_rq+0xfa/0x1a0
|  inet_recvmsg+0xa5/0xd0
|  cifs_readv_from_socket+0xfe/0x1e0
|  cifs_read_from_socket+0x3d/0x50
|  ? try_to_wake_up+0x413/0x430
|  ? allocate_buffers+0x85/0xf0
|  cifs_demultiplex_thread+0xe9/0xb40
|  kthread+0x126/0x130
|  ? cifs_handle_standard+0x180/0x180
|  ? kthread_destroy_worker+0x40/0x40
|  ret_from_fork+0x35/0x40

Full log can be found here [1].
It looks like a similar code path, when we read a packet. Also during
this test I see a lot of binary garbage in the file names in the log but
I think this is on purpose.

generic/339 calls:

    src/dirhash_collide -d -n 10000 $testdir >>$seqres.full 2>&1
    
implemented in src/dirhash_collide.c and its purpose is to "Generate
files or directories with hash collisions on a XFS filesystem". I'm not
sure the hashing part is relevant to cifs (is it using the same alg?)
but the -d flag makes the tool create directories. A lot of them
(10000).

1: http://zbeul.ist/tmp/cifs-compounding-crash-2018-08-24.txt.bz2

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)


