Date: Thu, 13 Oct 2016 10:07:08 -0400 (EDT) From: CAI Qian <caiqian@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation Running the trinity syscall fuzzer inside a docker container as an non-privileged user below, $ trinity -g vfs --arch 64 --disable-fds=sockets --disable-fds=perf --disable-fds=epoll --disable-fds=eventfd --disable-fds=pseudo --disable-fds=timerfd --disable-fds=memfd --disable-fds=drm always trigger a deadlock/hang at the fdatasync() syscall within 30 minutes with traces (including sysrq-w info as well) like this, http://people.redhat.com/qcai/tmp/dmesg This can be reproduced on any kernel post v4.4-rc1 as long as including this commit. fc0561cefc04e7803c0f6501ca4f310a502f65b8 xfs: optimise away log forces on timestamp updates for fdatasync Reverted the above commit against the latest mainline allows the trinity to run more than 10 hours without any deadlock/hang. This had also been reported to the XFS maintainer and diagnosed as a page lock order bug in the XFS seek hole/data implementation and presumably is still working on a fix better than to revert the above commit. CAI Qian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.