Date: Thu, 13 Oct 2016 10:07:08 -0400 (EDT) From: CAI Qian <caiqian@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation Running the trinity syscall fuzzer inside a docker container as an non-privileged user below, $ trinity -g vfs --arch 64 --disable-fds=sockets --disable-fds=perf --disable-fds=epoll --disable-fds=eventfd --disable-fds=pseudo --disable-fds=timerfd --disable-fds=memfd --disable-fds=drm always trigger a deadlock/hang at the fdatasync() syscall within 30 minutes with traces (including sysrq-w info as well) like this, http://people.redhat.com/qcai/tmp/dmesg This can be reproduced on any kernel post v4.4-rc1 as long as including this commit. fc0561cefc04e7803c0f6501ca4f310a502f65b8 xfs: optimise away log forces on timestamp updates for fdatasync Reverted the above commit against the latest mainline allows the trinity to run more than 10 hours without any deadlock/hang. This had also been reported to the XFS maintainer and diagnosed as a page lock order bug in the XFS seek hole/data implementation and presumably is still working on a fix better than to revert the above commit. CAI Qian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ