Hi David,

I tried to run CRIU tests on your tree and found that it is impossible to create a new ipc namespace:

[root@fc24 ~]# unshare -i
Segmentation fault
[root@fc24 ~]# dmesg
[ 17.934761] general protection fault: 0000 [#1] SMP PTI
[ 17.948481] CPU: 1 PID: 608 Comm: unshare Not tainted 4.19.0-rc2-00229-g0dd59e0a0039 #11
[ 17.957983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20180531_142017-buildhw-08.phx2.fedoraproject.org-1.fc28 04/01/2014
[ 17.961548] RIP: 0010:mqueue_get_tree+0x2f/0xb0
[ 17.962283] Code: 41 54 55 53 4c 8b a7 90 00 00 00 48 89 fb 48 c7 c7 20 e5 4d 8d e8 71 4a 55 00 49 8b 04 24 48 8b 80 c8 06 00 00 48 85 c0 74 2e <48> 8b 40 08 48 8b 68 68 48 85 ed 74 0c 48 8d bd 80 00 00 00 e8 68
[ 17.965269] RSP: 0018:ffffae47c0c1bdf8 EFLAGS: 00010202
[ 17.966491] RAX: 6b6b6b6b6b6b6b6b RBX: ffff8ada34f4ac68 RCX: 00000000ff96505d
[ 17.967799] RDX: 0000000000000001 RSI: 0000000004bef0d5 RDI: ffffffff8d4de520
[ 17.969124] RBP: ffff8ada2be34108 R08: 0000000000000001 R09: 0000000000000000
[ 17.970363] R10: ffffffff8d4de538 R11: ffffffff8e252540 R12: ffff8ada383cd4e0
[ 17.971513] R13: 0000000000000000 R14: ffff8ada2bed8040 R15: 0000000000000000
[ 17.972530] FS:  00007f1b78b0e500(0000) GS:ffff8ada3bb00000(0000) knlGS:0000000000000000
[ 17.973662] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 17.974514] CR2: 00007f1b78629d00 CR3: 000000012bece006 CR4: 00000000003606e0
[ 17.975649] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 17.976748] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 17.977801] Call Trace:
[ 17.978175]  vfs_get_tree+0x6e/0x170
[ 17.978720]  mq_create_mount+0x62/0xb0
[ 17.979292]  mq_init_ns+0x37/0x50
[ 17.979798]  copy_ipcs+0xc9/0x160
[ 17.980342]  create_new_namespaces+0xce/0x1b0
[ 17.981016]  unshare_nsproxy_namespaces+0x55/0xb0
[ 17.981786]  ksys_unshare+0x187/0x350
[ 17.982373]  __x64_sys_unshare+0xe/0x20
[ 17.982955]  do_syscall_64+0x60/0x210
[ 17.983526]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 17.984283] RIP: 0033:0x7f1b78642c57
[ 17.985062] Code: 73 01 c3 48 8b 0d 49 a2 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 19 a2 2b 00 f7 d8 64 89 01 48
[ 17.988297] RSP: 002b:00007ffe7f1128f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 17.989578] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1b78642c57
[ 17.990708] RDX: 00007f1b788fffe0 RSI: 0000000000000001 RDI: 0000000008000000
[ 17.991603] RBP: 0000000008000000 R08: 0000000000000000 R09: 0000000000000000
[ 17.992642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7f112a78
[ 17.993657] R13: 0000000000000002 R14: 0000564e394c1a20 R15: 00000000ffffffff
[ 17.994637] Modules linked in:
[ 17.995089] ---[ end trace 15aed20d3dd9b964 ]---
[ 17.995737] RIP: 0010:mqueue_get_tree+0x2f/0xb0
[ 17.996393] Code: 41 54 55 53 4c 8b a7 90 00 00 00 48 89 fb 48 c7 c7 20 e5 4d 8d e8 71 4a 55 00 49 8b 04 24 48 8b 80 c8 06 00 00 48 85 c0 74 2e <48> 8b 40 08 48 8b 68 68 48 85 ed 74 0c 48 8d bd 80 00 00 00 e8 68
[ 17.998975] RSP: 0018:ffffae47c0c1bdf8 EFLAGS: 00010202
[ 17.999728] RAX: 6b6b6b6b6b6b6b6b RBX: ffff8ada34f4ac68 RCX: 00000000ff96505d
[ 18.000748] RDX: 0000000000000001 RSI: 0000000004bef0d5 RDI: ffffffff8d4de520
[ 18.001829] RBP: ffff8ada2be34108 R08: 0000000000000001 R09: 0000000000000000
[ 18.002823] R10: ffffffff8d4de538 R11: ffffffff8e252540 R12: ffff8ada383cd4e0
[ 18.003835] R13: 0000000000000000 R14: ffff8ada2bed8040 R15: 0000000000000000
[ 18.004857] FS:  00007f1b78b0e500(0000) GS:ffff8ada3bb00000(0000) knlGS:0000000000000000
[ 18.005976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 18.006801] CR2: 00007f1b78629d00 CR3: 000000012bece006 CR4: 00000000003606e0
[ 18.007802] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 18.008803] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 18.009806] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:34
[ 18.011025] in_atomic(): 1, irqs_disabled(): 0, pid: 608, name: unshare
[ 18.011979] INFO: lockdep is turned off.
[ 18.012568] CPU: 1 PID: 608 Comm: unshare Tainted: G D 4.19.0-rc2-00229-g0dd59e0a0039 #11
[ 18.013886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20180531_142017-buildhw-08.phx2.fedoraproject.org-1.fc28 04/01/2014
[ 18.015605] Call Trace:
[ 18.015965]  dump_stack+0x85/0xc0
[ 18.016431]  ___might_sleep.cold.73+0xac/0xbc
[ 18.017030]  exit_signals+0x30/0x250
[ 18.017521]  do_exit+0xb0/0xb70
[ 18.017967]  ? ksys_unshare+0x187/0x350
[ 18.018509]  rewind_stack_do_exit+0x17/0x20
[ 18.019104] note: unshare[608] exited with preempt_count 1

$ git describe dhowells-fs/mount-api
v4.19-rc2-226-g2615362dc9ce

This issue disappears with this patch:

diff --git a/ipc/namespace.c b/ipc/namespace.c index 21607791d62c..17de21d62b4d 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c @@ -50,6 +50,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, if (err) goto fail_free; ns->ns.ops = &ipcns_operations; + ns->mq_mnt = NULL; refcount_set(&ns->count, 1); ns->user_ns = get_user_ns(user_ns);
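Review bot: the added `ns->mq_mnt = NULL;` deserves a one-line comment saying why it is needed, because nothing in the hunk makes that visible and a later cleanup could drop it as redundant. The oops shows why: RAX is 6b6b6b6b6b6b6b6b at the faulting load in mqueue_get_tree, which is the slab poison byte pattern, so mqueue_get_tree (reached via mq_init_ns -> mq_create_mount -> vfs_get_tree) is reading mq_mnt from a namespace object that still carries the previous occupant's poisoned contents, and its `48 85 c0 74 2e` test-and-branch only skips the dereference when the field is exactly NULL. Suggested shape: `ns->mq_mnt = NULL; /* mq_init_ns() tests this before the mount exists */`. Also consider whether the assignment should sit before the `if (err) goto fail_free;` context line, so that any error path touching the namespace after that point sees a NULL rather than garbage. The second trace ("BUG: sleeping function called from invalid context", "exited with preempt_count 1", "Tainted: G D") is the task dying inside the syscall after the GP fault and needs no separate fix.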