Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] General Protection Fault: snajpa's playground #16706

Closed
wants to merge 6 commits into from

Conversation

snajpa
Copy link
Contributor

@snajpa snajpa commented Oct 30, 2024

Motivation and Context

I've been stuck for more than a month with #16608 trying different approaches to hunt down the problem, but I keep breaking other stuff, so I need to employ the testbots to help me throughout the journey. I could theoretically set up my own playground but I'd eventually also need the variety of kernels the bots provide already and that seems like a ton of work I don't currently have the time to do.

Description

How Has This Been Tested?

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • Documentation (a change to man pages or other documentation)

Checklist:

by protecting against sb->s_shrink eviction on umount with newer kernels

deactivate_locked_super calls shrinker_free and only then
sops->kill_sb cb, resulting in UAF on umount when trying
to reach for the shrinker functions in zpl_prune_sb of
in-umount dataset

Signed-off-by: Pavel Snajdr <snajpa@snajpa.net>
Commit message TODO

Signed-off-by: Pavel Snajdr <snajpa@snajpa.net>
Signed-off-by: Pavel Snajdr <snajpa@snajpa.net>
Other linux fs implementations seem to hold a reference to some buffer
which seems to cause the inode to stay in place in tight memory conditions.

Replicate such behavior.

Signed-off-by: Pavel Snajdr <snajpa@snajpa.net>
@gmelikov
Copy link
Member

Just a note that you may ensure that github actions are active on your fork (it's activated in project's settings), then you'll have the same CI runs in your fork too.

@snajpa
Copy link
Contributor Author

snajpa commented Oct 30, 2024

@gmelikov thank you!

@snajpa snajpa closed this Oct 30, 2024
@snajpa snajpa mentioned this pull request Oct 30, 2024
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants