uot;
Date: Sat, 9 Mar 2013 00:14:45 -0800
Subject: [PATCH] proc: Use nd_jump_link in proc_ns_follow_link
Update proc_ns_follow_link to use nd_jump_link instead of just
manually updating nd.path.dentry.
This fixes the BUG_ON(nd->inode != parent->d_inode) reported by Dave
Jones and reproduc
On Sat, Mar 09, 2013 at 12:13:16AM -0500, Sasha Levin wrote:
> On 03/08/2013 11:39 PM, Dave Jones wrote:
> > On Fri, Mar 08, 2013 at 08:31:48PM -0800, Linus Torvalds wrote:
> > > On Fri, Mar 8, 2013 at 7:50 PM, Dave Jones wrote:
> > > > > >
> > > > > > I have a feeling there were some sy
On 03/08/2013 11:39 PM, Dave Jones wrote:
> On Fri, Mar 08, 2013 at 08:31:48PM -0800, Linus Torvalds wrote:
> > On Fri, Mar 8, 2013 at 7:50 PM, Dave Jones wrote:
> > > > >
> > > > > I have a feeling there were some sysfs ones that may still be
> unfixed.
> > >
> > > I was right..
> > >
>
On Fri, Mar 08, 2013 at 08:31:48PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 7:50 PM, Dave Jones wrote:
> > > >
> > > > I have a feeling there were some sysfs ones that may still be unfixed.
> >
> > I was right..
> >
> > [ 425.836722] general protection fault: [#1] PREEM
On Fri, Mar 8, 2013 at 7:50 PM, Dave Jones wrote:
> > >
> > > I have a feeling there were some sysfs ones that may still be unfixed.
>
> I was right..
>
> [ 425.836722] general protection fault: [#1] PREEMPT SMP
You forgot to enable DEBUG_PAGE_ALLOC again, but I don't think it much
matter
On Fri, Mar 08, 2013 at 07:38:33PM -0800, Eric W. Biederman wrote:
> Dave Jones writes:
>
> > On Fri, Mar 08, 2013 at 07:16:09PM -0800, Linus Torvalds wrote:
> > > Goodie. Your bug reports gave me heartburn. But it sounds like we have
> > an
> > > angle on all of the ones you've seen now
On Fri, Mar 08, 2013 at 07:36:34PM -0800, Linus Torvalds wrote:
> Note that my tree does not have the pipe changes. Um still not sure about
> the cause, see the patch with a warn-on-once in it. I don't like just
> adding the NULL pointer checks willy nilly without understanding why they
> made.
Dave Jones writes:
> On Fri, Mar 08, 2013 at 07:16:09PM -0800, Linus Torvalds wrote:
> > Goodie. Your bug reports gave me heartburn. But it sounds like we have an
> > angle on all of the ones you've seen now?
> >
> > Or have I forgotten about some case?
>
> To be honest I've lost track of
Dave Jones writes:
> On Fri, Mar 08, 2013 at 09:56:31PM -0500, Dave Jones wrote:
> > On Fri, Mar 08, 2013 at 09:26:23PM -0500, Dave Jones wrote:
> > > On Fri, Mar 08, 2013 at 06:08:52PM -0800, Linus Torvalds wrote:
> > > > On Fri, Mar 8, 2013 at 6:03 PM, Dave Jones wrote:
> > > > >
> >
On Fri, Mar 08, 2013 at 07:16:09PM -0800, Linus Torvalds wrote:
> Goodie. Your bug reports gave me heartburn. But it sounds like we have an
> angle on all of the ones you've seen now?
>
> Or have I forgotten about some case?
To be honest I've lost track of the whole collection.
Let me repull
On Fri, Mar 08, 2013 at 09:56:31PM -0500, Dave Jones wrote:
> On Fri, Mar 08, 2013 at 09:26:23PM -0500, Dave Jones wrote:
> > On Fri, Mar 08, 2013 at 06:08:52PM -0800, Linus Torvalds wrote:
> > > On Fri, Mar 8, 2013 at 6:03 PM, Dave Jones wrote:
> > > >
> > > > existing pathname + 'a'
On Fri, Mar 08, 2013 at 09:26:23PM -0500, Dave Jones wrote:
> On Fri, Mar 08, 2013 at 06:08:52PM -0800, Linus Torvalds wrote:
> > On Fri, Mar 8, 2013 at 6:03 PM, Dave Jones wrote:
> > >
> > > existing pathname + 'a' = fine.
> > >
> > > existing pathname + '/' + 'a' = boom.
> >
> >
On Fri, Mar 08, 2013 at 06:08:52PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 6:03 PM, Dave Jones wrote:
> >
> > existing pathname + 'a' = fine.
> >
> > existing pathname + '/' + 'a' = boom.
>
> Good.
>
> > Looks like if I do this..
> >
> >if (isdigit(newpath[len])
On Fri, Mar 8, 2013 at 6:03 PM, Dave Jones wrote:
>
> existing pathname + 'a' = fine.
>
> existing pathname + '/' + 'a' = boom.
Good.
> Looks like if I do this..
>
>if (isdigit(newpath[len]) != 0) {
> newpath[len] = '/';
>newpath[len+1] = 'A';
>
On Fri, Mar 08, 2013 at 05:18:29PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 4:36 PM, Dave Jones wrote:
> >
> > Ok, it's definitly the 'append something on the end of a valid pathname'
> > changeset. 'something' can be anything it seems.
>
> Ok. so maybe the way to "bisect" this
On Fri, Mar 8, 2013 at 4:36 PM, Dave Jones wrote:
>
> Ok, it's definitly the 'append something on the end of a valid pathname'
> changeset. 'something' can be anything it seems.
Ok. so maybe the way to "bisect" this is to play with that.
For example, does it happen even if the "something" does n
On Fri, Mar 08, 2013 at 07:19:17PM -0500, Dave Jones wrote:
> On Fri, Mar 08, 2013 at 04:02:02PM -0800, Linus Torvalds wrote:
> > On Fri, Mar 8, 2013 at 3:55 PM, Dave Jones wrote:
> > >
> > > That one was printed out with %s
> >
> > Ok, so those random pathnames you generate? They're f
On Fri, Mar 08, 2013 at 04:02:02PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 3:55 PM, Dave Jones wrote:
> >
> > That one was printed out with %s
>
> Ok, so those random pathnames you generate? They're funky.
I just did a test with just a page of 'A's, and got the same result,
so
On Fri, Mar 8, 2013 at 3:55 PM, Dave Jones wrote:
>
> That one was printed out with %s
Ok, so those random pathnames you generate? They're funky.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.or
On Fri, Mar 08, 2013 at 03:45:37PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 3:30 PM, Dave Jones wrote:
> > [ 100.729401] nd->last.name =
> > (\xffd2.W._.N.".\xfffe.\xff80.^N.?.\xffe4.E.8.g.\xffd2.N.\xffb6.^G.\xfff1.\xffcc.U.\xffda.^_.h.^M.1.\xf
On Fri, Mar 8, 2013 at 3:47 PM, Dave Jones wrote:
>
> That didn't take long..
Ok, thanks, so it's not something new to this merge window. Not that I
expected it to be, but better safe than sorry.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the bo
eal and
> old, so keep the patches for those around, but let's just verify that
> the BUG_ON(nd->inode != parent->d_inode);" is old too.
>
> I suspect it's a real and old bug, and that you'll be able to recreate
> it with the stable kernels too, but jus
On Fri, Mar 8, 2013 at 3:30 PM, Dave Jones wrote:
> [ 100.729401] nd->last.name =
> (\xffd2.W._.N.".\xfffe.\xff80.^N.?.\xffe4.E.8.g.\xffd2.N.\xffb6.^G.\xfff1.\xffcc.U.\xffda.^_.h.^M.1.\xffc5.\xff82.%.B.\xffe0.\xffad.^U.8.^L.c.Z.^K.\xffe4.h.
re likely real and
> old, so keep the patches for those around, but let's just verify that
> the BUG_ON(nd->inode != parent->d_inode);" is old too.
>
> I suspect it's a real and old bug, and that you'll be able to recreate
> it with the stable kernels too
On Fri, Mar 08, 2013 at 03:20:40PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 3:07 PM, Dave Jones wrote:
> >
> > Ok, got something more meaningful out of the lookup_slow trace.
> >
> > [ 66.082984] parent->dname.name (06b6b6b6b6b6b6b)
> > [ 66.083637] parent =
> >
> > At fi
ed in the merge window, and we're just wasting time trying to
figure it out, when it could be just bisected...
The pipe and symlink BUG_ON() bugs you've found are likely real and
old, so keep the patches for those around, but let's just verify that
the BUG_ON(nd->inode != parent-&
On Fri, Mar 8, 2013 at 3:07 PM, Dave Jones wrote:
>
> Ok, got something more meaningful out of the lookup_slow trace.
>
> [ 66.082984] parent->dname.name (06b6b6b6b6b6b6b)
> [ 66.083637] parent =
>
> At first I thought AH-HA! SLAB POISON!
> But look closer.. it's shifted by 8 bits.
Or just t
On Fri, Mar 08, 2013 at 06:07:34PM -0500, Dave Jones wrote:
> parent seems to be a pointer to "\0".
Ignore that last part, it's wrong.
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo inf
On Fri, Mar 08, 2013 at 02:41:19PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 1:04 PM, Dave Jones wrote:
> >
> > queue up the sad trombone noises.
> >
> > One of the things trinity passes syscalls is a page of deformed unicode.
> > Apparently this page is so fucked up, that it cra
On Fri, Mar 8, 2013 at 1:04 PM, Dave Jones wrote:
>
> queue up the sad trombone noises.
>
> One of the things trinity passes syscalls is a page of deformed unicode.
> Apparently this page is so fucked up, that it crashes *printk*.
It's probably my debug stuff that is bogus. One of the string poin
> > - BUG_ON(nd->inode->i_op->follow_link);
> > }
> >
> > static inline void put_link(struct nameidata *nd, struct path *link, void
> > *cookie)
> > @@ -1438,7 +1436,13 @@ static int lookup_slow(struct nameidata *nd, struct
> > p
void
> *cookie)
> @@ -1438,7 +1436,13 @@ static int lookup_slow(struct nameidata *nd, struct
> path *path)
> int err;
>
> parent = nd->path.dentry;
> - BUG_ON(nd->inode != parent->d_inode);
> +
> +if (WARN_ON(nd->inode != parent->d_inod
>flags |= LOOKUP_JUMPED;
-
- BUG_ON(nd->inode->i_op->follow_link);
}
static inline void put_link(struct nameidata *nd, struct path *link, void
*cookie)
@@ -1438,7 +1436,13 @@ static int lookup_slow(struct nameidata *nd, struct path
*path)
int err;
parent
On Fri, Mar 08, 2013 at 02:18:04PM -0500, Dave Jones wrote:
> On Fri, Mar 08, 2013 at 10:51:03AM -0800, Linus Torvalds wrote:
> > On Fri, Mar 8, 2013 at 7:04 AM, Dave Jones wrote:
> > >
> > > Managed to trigger this one from a different path..
> > >
> > > kernel BUG at fs/namei.c:1439!
On Fri, Mar 08, 2013 at 10:51:03AM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 7:04 AM, Dave Jones wrote:
> >
> > Managed to trigger this one from a different path..
> >
> > kernel BUG at fs/namei.c:1439!
> > Call Trace:
> > [] path_lookupat+0x71e/0x740
> > [] filename_lookup+0
On Fri, Mar 8, 2013 at 7:04 AM, Dave Jones wrote:
>
> Managed to trigger this one from a different path..
>
> kernel BUG at fs/namei.c:1439!
> Call Trace:
> [] path_lookupat+0x71e/0x740
> [] filename_lookup+0x34/0xc0
> [] user_path_at_empty+0x8e/0x110
> [] user_path_at+0x11/0x20
> [] sys_lget
On Wed, Mar 06, 2013 at 09:16:45PM -0500, Dave Jones wrote:
> kernel BUG at fs/namei.c:1441!
> invalid opcode: [#1] PREEMPT SMP
> Modules linked in: bnep vmw_vsock_vmci_transport vmw_vmci vsock fuse
> l2tp_ppp l2tp_core hidp 8021q garp mrp llc2 netrom phonet bridge dlci stp
> caif_soc
Fuzz tester just hit this.
Dave
[11235.974332] [ cut here ]
[11235.975039] kernel BUG at fs/namei.c:1441!
[11235.975661] invalid opcode: [#1] PREEMPT SMP
[11235.976433] Modules linked in: bnep vmw_vsock_vmci_transport vmw_vmci vsock
fuse l2tp_ppp l2tp_core
38 matches
Mail list logo
