Message-ID: <1215560150.734283.1476367628231.JavaMail.zimbra@redhat.com>
Date: Thu, 13 Oct 2016 10:07:08 -0400 (EDT)
From: CAI Qian <caiqian@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation

Running the trinity syscall fuzzer inside a docker container as a non-privileged user, as below,

$ trinity -g vfs --arch 64 --disable-fds=sockets --disable-fds=perf --disable-fds=epoll \
    --disable-fds=eventfd --disable-fds=pseudo --disable-fds=timerfd --disable-fds=memfd \
    --disable-fds=drm

always triggers a deadlock/hang at the fdatasync() syscall within 30 minutes, with traces
(including sysrq-w info as well) like this: http://people.redhat.com/qcai/tmp/dmesg

This can be reproduced on any kernel post v4.4-rc1, as long as it includes this commit:

fc0561cefc04e7803c0f6501ca4f310a502f65b8
xfs: optimise away log forces on timestamp updates for fdatasync

Reverting the above commit against the latest mainline allows trinity to run for more than
10 hours without any deadlock/hang.

This has also been reported to the XFS maintainer and diagnosed as a page lock order bug
in the XFS seek hole/data implementation; presumably a fix better than reverting the above
commit is still being worked on.

   CAI Qian
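The report above gives the trinity invocation and says the hang shows up as blocked tasks in dmesg / sysrq-w output, but not how to check for it unattended. The script below is an added example, not code from the report or from the trinity or XFS projects: it wraps the same trinity command in a time limit and then scans dmesg for the kernel's standard hung-task warning ("INFO: task NAME:PID blocked for more than N seconds."). The function names (hung_tasks, count_hung, run_repro), the time limit and the sample dmesg text are assumptions made for this example; the sample lines are constructed, not taken from the report's trace. Reading dmesg may require privilege if kernel.dmesg_restrict is set.

```shell
#!/bin/sh
# Added example: reproduction harness for the trinity-triggered fdatasync() hang.
# Not part of the original report; function names and the sample text are assumptions.

# Print the distinct names of tasks the hung-task detector reported as blocked.
# Reads dmesg text on stdin; matches the standard hung_task message format.
hung_tasks() {
    sed -n 's/.*INFO: task \([^:]*\):[0-9]* blocked for more than [0-9]* seconds\..*/\1/p' \
        | sort -u
}

# Number of distinct blocked tasks in the dmesg text on stdin.
count_hung() {
    hung_tasks | wc -l | tr -d ' '
}

# Run the report's trinity command for $1 seconds (default 1800, the 30 minutes the
# report mentions), then list any tasks the kernel reported as hung.
# Returns 2 if trinity is not installed, 1 if hung tasks were found, 0 otherwise.
run_repro() {
    limit=${1:-1800}
    command -v trinity >/dev/null 2>&1 || { echo "trinity not installed" >&2; return 2; }
    # trinity normally runs until stopped; cut it off after the time limit.
    timeout "$limit" trinity -g vfs --arch 64 --disable-fds=sockets --disable-fds=perf \
        --disable-fds=epoll --disable-fds=eventfd --disable-fds=pseudo \
        --disable-fds=timerfd --disable-fds=memfd --disable-fds=drm >/dev/null 2>&1
    n=$(dmesg 2>/dev/null | count_hung)
    if [ "$n" -gt 0 ]; then
        echo "hung tasks reported by the kernel:"
        dmesg | hung_tasks
        return 1
    fi
    echo "no hung tasks reported within ${limit}s"
    return 0
}

# Constructed sample of hung-task output (format of kernel/hung_task.c), used to
# exercise the scanner offline; it is not the report's actual trace.
SAMPLE_DMESG='[ 1834.123456] INFO: task trinity-c3:1742 blocked for more than 120 seconds.
[ 1834.123500]       Not tainted 4.8.0 #1
[ 1834.123520] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1834.123700] Call Trace:
[ 1954.200000] INFO: task trinity-c7:1746 blocked for more than 120 seconds.
[ 1954.200050]       Not tainted 4.8.0 #1'
```

To use it against a live kernel, source the file and call `run_repro 1800`; to check the scanner without fuzzing, pipe any saved dmesg (such as the trace linked in the report) into `hung_tasks`. The scanner only keys on the hung-task detector, so `kernel.hung_task_timeout_secs` must be non-zero for it to report anything.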
