From: James W M. <mcm...@ju...> - 2003-11-23 23:19:05
|
I have been tracing down the Oops on a vanilla 2.4.22 kernel This appears to be a Oops with a semaphore held that will lock out all other accesses to the tmpfs/shmfs filesystem. I traced it to read_dir in hostfs_user.c by setting breakpoints on all the hostfs_user.c functions. Ok I now have a simple test program which Oops the host kernel instantly (3 times through loop) This is very strange my attached test program when run as a unprivileged user Oops the kernel and locks /dev/shm in general a unprivileged user should not be able to do this It has taken a while in order to check that the kernel I was running was without patches (i.e. no skas) It still Oops on the third loop :( I have also noted that the tmpfs/shmfs does not have a set of files like other filesystems under fs/ it seems to be located in mm/shmem.c instead... very strange Oh well it is a problem with the vanilla 2.4.22 kernel so more testing and off to the LKML... Anybody have a better guess where to send this? For your Enjoyment the test program /* by James_McMechan at hotmail com */ /* test program to Oops shmfs usually mounted at /dev/shm */ /* yes it is dumb but unprivileged users should not be able */ /* to Oops the kernel regardless of how dumb the program */ #include <sys/types.h> #include <dirent.h> #include <stdio.h> main() { DIR *dir; struct dirent *ent; off_t pos = 0; do { dir = opendir("/dev/shm"); seekdir(dir, pos); ent = readdir(dir); if (ent == 0) { printf("end of directory\n"); perror("readdir ended with"); } else { printf("d_name is %s\n",ent->d_name); pos = telldir(dir); if (pos < 0) perror("telldir failed with"); } closedir(dir); } while (ent != 0); } ________________________________________________________________ The best thing to hit the internet in years - Juno SpeedBand! Surf the web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! |
From: James W M. <mcm...@ju...> - 2003-11-25 03:09:00
|
> > I have been tracing down the Oops on a vanilla 2.4.22 kernel > > This appears to be a Oops with a semaphore held that will > > lock out all other accesses to the tmpfs/shmfs filesystem. > In fact, I wrote the exact point of the Oops in the host kernel in > the first > message... it's not clear if you missed this. No I did not miss it I was working on what tasks were occurring before the Oops, I used it to generate the test program. > > I traced it to read_dir in hostfs_user.c by setting > > breakpoints on all the hostfs_user.c functions. > Yes, I've get to that point, too. > > This is very strange my attached test program when run > > as a unprivileged user Oops the kernel and locks /dev/shm > > in general a unprivileged user should not be able to do this > Yes, but it's a kernel bug: provided the kernel doesn't oops, > checking for priviledges with semaphore isn't needed. And > if someone wants to implement this, he will receive as answer > "fix the oops and post that. No overhead, please". And > actually implementing the fix wouldn't be easy(how do you > steal a semaphore that a priviledged process holds?)... > > Maybe, releasing semaphores on Oops could be useful. IIRC, the code > already releases spinlocks(but not sure at all). But when oopsing, it's not > easy to do anything, since we have already problems. Ah, no I was not trying to complain about the semaphore I think the Oops needs fixing also. It is not that it needs a permission check, but rather that any commands issued by a unprivileged user (no matter how dumb) should not Oops the kernel. > > It has taken a while in order to check that the kernel I was > > running was without patches (i.e. no skas) > So, it happens even without SKAS mode. > The other possible issue(i.e. something unusual which happens only > with UML) is with threading. If I have time, I'll check whether a > program creating threads on the host the way UML does can > obtain the same Oops. At that point, LKML won't be able to > ignore it. I mean just a userspace program to run on the host. You don't need to bother that is what my test program does it will Oops the host kernel without requiring any UML to be present. That is why I checked with a vanilla kernel rather then my normal skas patched version. > > I have also noted that the tmpfs/shmfs does not have a set > > of files like other filesystems under fs/ it seems to be located > > in mm/shmem.c instead... very strange > Actually, it's based on fs/ramfs... which has only one file because > nothing is saved by the FS. Normally dentries(an object which > represents anything contained inside a dir, a "directory entry") > are just used to cache access to the FS; for ramfs and tmpfs > (or better, for all ram-based fs, even the 2.6 sysfs), they are > locked in memory and never unloaded. Yes, I understand mostly how it works, but the layout of the shmem_* inode ops in mm/shmem.c was confusing I was expecting TMPFS to be under fs/tmpfs or fs/ramfs, I had to grep the whole tree to find the CONFIG_TMPFS ifdefs > > Oh well it is a problem with the vanilla 2.4.22 kernel so > > more testing and off to the LKML... > > > Anybody have a better guess where to send this? > Maybe there is a linux-mm mailing list... check Maintainers file. > But before LKML we probably need to write a simple test > program... like the threaded one > I said above(if threading is the issue). Threading is not a issue the test program I attached to yesterdays e-mail can be run on the host system to Oops the host kernel without requiring UML and can be run inside of UML to Oops the UML kernel with all the nice debugging features, while letting the host system keep running without any Oopses. It is much simpler to use than using UML to Oops the host kernel The biggest problem I have been having is all of the inlines hiding where exactly it is going wrong, it appears that the dcache_readdir blows up when a invalid ->prev pointer is in one of the lists it may relate to the list_del(q); list_add(q, &dentry->d_subdirs); on a empty list that I think is occurring MAINTAINERS, mm/shmem.c don't seem to list contact addresses for tmpfs/shmfs :( here is a even shorter version of the test program it blows up on the first real entry The first version is easier to understand what UML is doing though. /* by James_McMechan at hotmail com */ /* test2 program to Oops shmfs mounted at /dev/shm */ /* yes it is dumb but unprivileged users should not be able */ /* to Oops the kernel regardless of how dumb the program */ #include <sys/types.h> #include <dirent.h> main() {/* off 0 is "." off 1 is ".." off 2 is empty */ seekdir(opendir("/dev/shm"), (off_t) 2); } ________________________________________________________________ The best thing to hit the internet in years - Juno SpeedBand! Surf the web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! |
From: <Th...@gm...> - 2003-11-25 12:31:46
|
Can sombody sel me what this message mean? test:~/uml/test/tools# make set -e ; for dir in jail jailtest mconsole moo port-helper tunctl uml_net uml_router watchdog; do make -C $dir all; done make[1]: Entering directory `/root/uml/test/tools/jail' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/root/uml/test/tools/jail' make[1]: Entering directory `/root/uml/test/tools/jailtest' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/root/uml/test/tools/jailtest' make[1]: Entering directory `/root/uml/test/tools/mconsole' cc -g -Wall -c -o uml_mconsole.o uml_mconsole.c uml_mconsole.c:17: readline/readline.h: No such file or directory uml_mconsole.c:18: readline/history.h: No such file or directory make[1]: *** [uml_mconsole.o] Error 1 make[1]: Leaving directory `/root/uml/test/tools/mconsole' make: *** [all] Error 2 test:~/uml/test/tools# -- Thonix NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ |
From: Henrik N. <hn...@ma...> - 2003-11-25 12:39:41
|
On Tue, 25 Nov 2003 Th...@gm... wrote: > cc -g -Wall -c -o uml_mconsole.o uml_mconsole.c > uml_mconsole.c:17: readline/readline.h: No such file or directory > uml_mconsole.c:18: readline/history.h: No such file or directory I think your system is missing the GNU readline development headers & library. On RedHat this is the readline-devel package. Regards Henrik |
From: Rus F. <rg...@fs...> - 2003-11-25 12:47:00
|
On Tue, 25 Nov 2003 Th...@gm... wrote: > Can sombody sel me what this message mean? > > test:~/uml/test/tools# make > set -e ; for dir in jail jailtest mconsole moo port-helper tunctl uml_net > uml_router watchdog; do make -C $dir all; done > make[1]: Entering directory `/root/uml/test/tools/jail' > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory `/root/uml/test/tools/jail' > make[1]: Entering directory `/root/uml/test/tools/jailtest' > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory `/root/uml/test/tools/jailtest' > make[1]: Entering directory `/root/uml/test/tools/mconsole' > cc -g -Wall -c -o uml_mconsole.o uml_mconsole.c > uml_mconsole.c:17: readline/readline.h: No such file or directory > uml_mconsole.c:18: readline/history.h: No such file or directory Install ncurses-devel Rgds Rus -- w: http://www.jvds.com | JVDS Virtual Servers e: rg...@jv... | Daily Specials t: +44 7919 373537 | http://www.jvds.com/specials.php t: 1-888-327-6330 | email: sa...@jv... |
From: Rus F. <rg...@fs...> - 2003-11-25 12:47:21
|
On Tue, 25 Nov 2003 Th...@gm... wrote: > Can sombody sel me what this message mean? > > test:~/uml/test/tools# make > set -e ; for dir in jail jailtest mconsole moo port-helper tunctl uml_net > uml_router watchdog; do make -C $dir all; done > make[1]: Entering directory `/root/uml/test/tools/jail' > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory `/root/uml/test/tools/jail' > make[1]: Entering directory `/root/uml/test/tools/jailtest' > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory `/root/uml/test/tools/jailtest' > make[1]: Entering directory `/root/uml/test/tools/mconsole' > cc -g -Wall -c -o uml_mconsole.o uml_mconsole.c > uml_mconsole.c:17: readline/readline.h: No such file or directory > uml_mconsole.c:18: readline/history.h: No such file or directory readline-devel actually soz Rus -- w: http://www.jvds.com | JVDS Tech Channel: e: rg...@jv... | http://tech.jvds.com t: +44 7919 373537 | Talk about Tech t: 1-888-327-6330 | email: sa...@jv... |
From: <Th...@gm...> - 2003-11-25 13:04:00
|
After the readline-devel installation it works fine - thank you > On Tue, 25 Nov 2003 Th...@gm... wrote: > > > Can sombody sel me what this message mean? > > > > test:~/uml/test/tools# make > > set -e ; for dir in jail jailtest mconsole moo port-helper tunctl > uml_net > > uml_router watchdog; do make -C $dir all; done > > make[1]: Entering directory `/root/uml/test/tools/jail' > > make[1]: Nothing to be done for `all'. > > make[1]: Leaving directory `/root/uml/test/tools/jail' > > make[1]: Entering directory `/root/uml/test/tools/jailtest' > > make[1]: Nothing to be done for `all'. > > make[1]: Leaving directory `/root/uml/test/tools/jailtest' > > make[1]: Entering directory `/root/uml/test/tools/mconsole' > > cc -g -Wall -c -o uml_mconsole.o uml_mconsole.c > > uml_mconsole.c:17: readline/readline.h: No such file or directory > > uml_mconsole.c:18: readline/history.h: No such file or directory > > readline-devel actually > > soz > > Rus > -- > w: http://www.jvds.com | JVDS Tech Channel: > e: rg...@jv... | http://tech.jvds.com > t: +44 7919 373537 | Talk about Tech > t: 1-888-327-6330 | email: sa...@jv... > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > User-mode-linux-devel mailing list > Use...@li... > https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel > -- Thonix ICQ: 101992567 InfoPage: http://www.thonix.net/ GMX Weihnachts-Special: Seychellen-Traumreise zu gewinnen! Rentier entlaufen. Finden Sie Rudolph! Als Belohnung winken tolle Preise. http://www.gmx.net/de/cgi/specialmail/ +++ GMX - die erste Adresse für Mail, Message, More! +++ |