Re: [Vserver] sendfile crash? (2.6.13.4 with vserver 2.1.0-rc4)
On Thu, Nov 03, 2005 at 09:01:14PM +0100, Grzegorz Nosek wrote: > 2005/11/3, Herbert Poetzl <[EMAIL PROTECTED]>: > > On Thu, Nov 03, 2005 at 05:38:43PM +0100, Grzegorz Nosek wrote: > > > Hello all > > > > > > I needed to apply the patch below in order to keep the kernel from > > > oopsing (in some older revisions) or freezing solid (in the newest, > > > listed in the subject. > > > > as follow up, please try the following patch instead: > > > > http://lkml.org/lkml/diff/2005/11/3/161/1 > > > > rationale: http://lkml.org/lkml/2005/11/3/161 > > > > HTH, > > Herbert > > > > > > Hello, > > I think I disagree that my proposed patch is hiding the real bug > because the ppos and max variables aren't ever used in do_sendfile. > They're blindly passed to vfs_sendfile, which does the checks and > returns -EOVERFLOW if needed. hmm, good that you disagree ... > IMHO my patch is more of The Right Way (tm) because it doesn't involve > modifications in another function (only do_sendfile is affected, which > is modified heavily anyway). hmm, well, maybe a mix of both approaches is what we really want because the following looks 'suspicious' to me: asmlinkage ssize_t sys_sendfile(int out_fd, int in_fd, off_t __user *offset, size_t count) { ... if (offset) { ... pos = off; ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS); ... return ret; } return do_sendfile(out_fd, in_fd, NULL, count, 0); } because in the case we _have_ an offset specified, we pass a pos and limit (MAX_NON_LFS) and if not, we just set it to zero? > Of course, you're free to either include it or ignore it. > > (my definitions of vfs_sendfile and do_sendfile with some random > annotations below) well, I agree with you that the check in do_sendfile() is superfluous ... and that the checks in vfs_sendfile() should be sufficient ... haven't checked all cases here best, Herbert PS: please follow up on lkml, if not done so already ... > ssize_t vfs_sendfile(struct file *out_file, struct file *in_file, loff_t > *ppos, > size_t count, loff_t max) > { > struct inode * in_inode, * out_inode; > loff_t pos; > ssize_t ret; > > /* verify in_file */ > in_inode = in_file->f_dentry->d_inode; > if (!in_inode) > return -EINVAL; > if (!in_file->f_op || !in_file->f_op->sendfile) > return -EINVAL; > > // !!! ppos is validated here > if (!ppos) > ppos = &in_file->f_pos; > else > if (!(in_file->f_mode & FMODE_PREAD)) > return -ESPIPE; > > ret = rw_verify_area(FLOCK_VERIFY_READ, in_file, ppos, count); > if (ret) > return ret; > > /* verify out_file */ > out_inode = out_file->f_dentry->d_inode; > if (!out_inode) > return -EINVAL; > if (!out_file->f_op || !out_file->f_op->sendpage) > return -EINVAL; > > ret = rw_verify_area(FLOCK_VERIFY_WRITE, out_file, > &out_file->f_pos, count); > if (ret) > return ret; > > ret = security_file_permission (out_file, MAY_WRITE); > if (ret) > return ret; > > // !!! max is validated here > if (!max) > max = min(in_inode->i_sb->s_maxbytes, > out_inode->i_sb->s_maxbytes); > > pos = *ppos; > if (unlikely(pos < 0)) > return -EINVAL; > if (unlikely(pos + count > max)) { > if (pos >= max) > return -EOVERFLOW; > count = max - pos; > } > > ret = in_file->f_op->sendfile(in_file, ppos, count, > file_send_actor, out_file); > > if (*ppos > max) > return -EOVERFLOW; > return ret; > } > > EXPORT_SYMBOL(vfs_sendfile); > > static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, >size_t count, loff_t max) > { > struct file * in_file, * out_file; > ssize_t retval; > int fput_needed_in, fput_needed_out; > > /* > * Get input file, and verify that it is ok.. > */ > retval = -EBADF; > in_file = fget_light(in_fd, &fput_needed_in); > if (!in_file) > goto out; > if (!(in_file->f_mode & FMODE_READ)) > goto fput_in; > > retval = security_file_permission (in_file, MAY_READ); > if (retval) > goto fput_in; > > /* > * Get output file, and verify that it is ok.. > */ > retval = -EBADF; > out_file = fget_light(out_fd, &fput_needed_out); > if (!out_file) > goto fput_in; > if (!(out_file->f_mode & FMODE_WRITE)) > goto fput_out; > >
Re: [Vserver] sendfile crash? (2.6.13.4 with vserver 2.1.0-rc4)
2005/11/3, Herbert Poetzl <[EMAIL PROTECTED]>: > On Thu, Nov 03, 2005 at 05:38:43PM +0100, Grzegorz Nosek wrote: > > Hello all > > > > I needed to apply the patch below in order to keep the kernel from > > oopsing (in some older revisions) or freezing solid (in the newest, > > listed in the subject. > > as follow up, please try the following patch instead: > > http://lkml.org/lkml/diff/2005/11/3/161/1 > > rationale: http://lkml.org/lkml/2005/11/3/161 > > HTH, > Herbert > > Hello, I think I disagree that my proposed patch is hiding the real bug because the ppos and max variables aren't ever used in do_sendfile. They're blindly passed to vfs_sendfile, which does the checks and returns -EOVERFLOW if needed. IMHO my patch is more of The Right Way (tm) because it doesn't involve modifications in another function (only do_sendfile is affected, which is modified heavily anyway). Of course, you're free to either include it or ignore it. (my definitions of vfs_sendfile and do_sendfile with some random annotations below) ssize_t vfs_sendfile(struct file *out_file, struct file *in_file, loff_t *ppos, size_t count, loff_t max) { struct inode * in_inode, * out_inode; loff_t pos; ssize_t ret; /* verify in_file */ in_inode = in_file->f_dentry->d_inode; if (!in_inode) return -EINVAL; if (!in_file->f_op || !in_file->f_op->sendfile) return -EINVAL; // !!! ppos is validated here if (!ppos) ppos = &in_file->f_pos; else if (!(in_file->f_mode & FMODE_PREAD)) return -ESPIPE; ret = rw_verify_area(FLOCK_VERIFY_READ, in_file, ppos, count); if (ret) return ret; /* verify out_file */ out_inode = out_file->f_dentry->d_inode; if (!out_inode) return -EINVAL; if (!out_file->f_op || !out_file->f_op->sendpage) return -EINVAL; ret = rw_verify_area(FLOCK_VERIFY_WRITE, out_file, &out_file->f_pos, count); if (ret) return ret; ret = security_file_permission (out_file, MAY_WRITE); if (ret) return ret; // !!! max is validated here if (!max) max = min(in_inode->i_sb->s_maxbytes, out_inode->i_sb->s_maxbytes); pos = *ppos; if (unlikely(pos < 0)) return -EINVAL; if (unlikely(pos + count > max)) { if (pos >= max) return -EOVERFLOW; count = max - pos; } ret = in_file->f_op->sendfile(in_file, ppos, count, file_send_actor, out_file); if (*ppos > max) return -EOVERFLOW; return ret; } EXPORT_SYMBOL(vfs_sendfile); static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, size_t count, loff_t max) { struct file * in_file, * out_file; ssize_t retval; int fput_needed_in, fput_needed_out; /* * Get input file, and verify that it is ok.. */ retval = -EBADF; in_file = fget_light(in_fd, &fput_needed_in); if (!in_file) goto out; if (!(in_file->f_mode & FMODE_READ)) goto fput_in; retval = security_file_permission (in_file, MAY_READ); if (retval) goto fput_in; /* * Get output file, and verify that it is ok.. */ retval = -EBADF; out_file = fget_light(out_fd, &fput_needed_out); if (!out_file) goto fput_in; if (!(out_file->f_mode & FMODE_WRITE)) goto fput_out; retval = vfs_sendfile(out_file, in_file, ppos, count, max); // !!! if vfs_sendfile returned -EOVERFLOW, it propagates out of do_sendfile too (and doesn't skip fput_XXX) if (retval > 0) { current->rchar += retval; current->wchar += retval; } current->syscr++; current->syscw++; fput_out: fput_light(out_file, fput_needed_out); fput_in: fput_light(in_file, fput_needed_in); out: return retval; } ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] sendfile crash? (2.6.13.4 with vserver 2.1.0-rc4)
On Thu, Nov 03, 2005 at 05:38:43PM +0100, Grzegorz Nosek wrote: > Hello all > > I needed to apply the patch below in order to keep the kernel from > oopsing (in some older revisions) or freezing solid (in the newest, > listed in the subject. as follow up, please try the following patch instead: http://lkml.org/lkml/diff/2005/11/3/161/1 rationale: http://lkml.org/lkml/2005/11/3/161 HTH, Herbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] PPC build failure of util-vserver
Herbert Poetzl <[EMAIL PROTECTED]> writes: >> >> two check of util-vserver 0.30.209 are failing on a PPC machine. >> ... >> http://ensc.de/vserver/cflags >> http://ensc.de/vserver/personality > > $ ./cflags > Killed > > $ ./personality > Killed > > here are my versions: > > http://vserver.13thfloor.at/Experimental/UTIL-VSERVER/cflags > http://vserver.13thfloor.at/Experimental/UTIL-VSERVER/personality > > (which work flawlessly) It is impossible for me to debug this further (SIGKILL seems to happen before main()), so util-vserver will not be available on Fedora for PPC arch. Perhaps some more details under https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172389 Enrico ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] sendfile crash? (2.6.13.4 with vserver 2.1.0-rc4)
On Thu, Nov 03, 2005 at 05:38:43PM +0100, Grzegorz Nosek wrote: > Hello all > > I needed to apply the patch below in order to keep the kernel from > oopsing (in some older revisions) or freezing solid (in the newest, > listed in the subject. > > This is the bug that I came across earlier and made a fool out of > myself at the lkml :) Apparently the code around this place has been > modified but the offending check is still there. The code is checking > *ppos and max, which both have bogus values and this exact check (with > proper values) is made in vfs_sendfile a few lines earlier. > > Why it freezes the box - I have no idea. I have also received some > reports about weird vserver behaviour (more crashes) but I'll gather > more info before I post. well, looks like your do_sendfile() is called with ppos being empty, which is not handled properly, removing the max check will only paper over the issue ... did you try this with 2.6.14 yet? TIA, Herbert > Best regards, > Grzegorz Nosek > > Oops (from netconsole - enabled it at last) follows: > > Nov 3 17:18:40 40 [ 799.084295] Unable to handle kernel NULL pointer > dereference > > --- linux-2.6/fs/read_write.c~ 2005-10-28 23:59:02.0 +0200 > +++ linux-2.6/fs/read_write.c 2005-11-03 17:28:50.0 +0100 > @@ -719,9 +719,6 @@ > current->syscr++; > current->syscw++; > > - if (*ppos > max) > - retval = -EOVERFLOW; > - > fput_out: > fput_light(out_file, fput_needed_out); > fput_in: > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] sendfile crash? (2.6.13.4 with vserver 2.1.0-rc4)
Hello all I needed to apply the patch below in order to keep the kernel from oopsing (in some older revisions) or freezing solid (in the newest, listed in the subject. This is the bug that I came across earlier and made a fool out of myself at the lkml :) Apparently the code around this place has been modified but the offending check is still there. The code is checking *ppos and max, which both have bogus values and this exact check (with proper values) is made in vfs_sendfile a few lines earlier. Why it freezes the box - I have no idea. I have also received some reports about weird vserver behaviour (more crashes) but I'll gather more info before I post. Best regards, Grzegorz Nosek Oops (from netconsole - enabled it at last) follows: Nov 3 17:18:40 40 [ 799.084295] Unable to handle kernel NULL pointer dereference Nov 3 17:18:40 40 at virtual address 0004 Nov 3 17:18:40 40 [ 799.084365] printing eip: Nov 3 17:18:40 40 [ 799.084394] a0174aa3 Nov 3 17:18:40 40 [ 799.084421] *pde = Nov 3 17:18:40 40 [ 799.084451] Oops: [#1] Nov 3 17:18:40 40 [ 799.084478] SMP Nov 3 17:18:40 40 Nov 3 17:18:40 40 [ 799.084516] Modules linked in: Nov 3 17:18:40 40 netconsole Nov 3 17:18:40 40 ipt_owner Nov 3 17:18:40 40 ipt_state Nov 3 17:18:40 40 iptable_filter Nov 3 17:18:40 40 e100 Nov 3 17:18:40 40 ip_conntrack_ftp Nov 3 17:18:40 40 ip_conntrack Nov 3 17:18:40 40 Nov 3 17:18:40 40 [ 799.084668] CPU:1 Nov 3 17:18:40 40 [ 799.084670] EIP:0060:[]Not tainted VLI Nov 3 17:18:40 40 [ 799.084672] EFLAGS: 00010246 (2.6.13.4p4smp.12) Nov 3 17:18:40 40 [ 799.084762] EIP is at do_sendfile+0xf3/0x140 Nov 3 17:18:40 40 [ 799.084792] eax: a5cbe550 ebx: a5cbe550 ecx: edx: a5cbe550 Nov 3 17:18:40 40 [ 799.084829] esi: a378aacc edi: a378a04c ebp: ae799f80 esp: ae799f3c Nov 3 17:18:40 40 [ 799.084863] ds: 007b es: 007b ss: 0068 Nov 3 17:18:40 40 [ 799.084898] Process vsftpd (pid: 16732, threadinfo=ae798000 task=a5cbe550) --- linux-2.6/fs/read_write.c~ 2005-10-28 23:59:02.0 +0200 +++ linux-2.6/fs/read_write.c 2005-11-03 17:28:50.0 +0100 @@ -719,9 +719,6 @@ current->syscr++; current->syscw++; - if (*ppos > max) - retval = -EOVERFLOW; - fput_out: fput_light(out_file, fput_needed_out); fput_in: ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error when creating centos min vserver
[EMAIL PROTECTED] ("Peter McGregor") writes: > No Match for argument: indexhtml-4-1.centos4 > No Match for argument: redhat-logos-1.1.25-1.centos4.3 > No Match for argument: setup-2.5.37-1.1 > No Match for argument: tzdata-2004e-2 > No Match for argument: glibc-2.3.4-2 > > Yum can find some files, but not all of them. The corresponding list of files > in my "01" file > (copied from the centos list on the vserver site) is > indexhtml-4-1.centos4 > redhat-logos-1.1.25-1.centos4.3 > setup-2.5.37-1.1 > basesystem-8.0-4 > tzdata-2004e-2 > glibc-2.3.4-2 Do not do this; the pkgs/ files shall *never* contain versioned packagenames and should list only leaf-packages but not their dependencies. FWIW, util-vserver 0.30.209 supports CentOS4.2 out-of-the box so manual setup should not be needed. Enrico ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error when creating centos min vserver
Hello I've build a new yum rpm for centos4 incorporating the patch for chroot. (I used www.jpackage.org to help with the rpm building and http://www-128.ibm.com/developerworks/library/l-rpm2/ to understand the patching process) It basically works a lot better now. However I think there are still 2 problems. 1/ It seems to be very fragile when finding files in a repository. Often yum will say it cannot find the file. When yum gets run again, it seems to find the file and then falls over again somewhere later with the same error, but with a different file. 2/There are many packages where yum says eg No Match for argument: indexhtml-4-1.centos4 No Match for argument: redhat-logos-1.1.25-1.centos4.3 No Match for argument: setup-2.5.37-1.1 No Match for argument: tzdata-2004e-2 No Match for argument: glibc-2.3.4-2 Yum can find some files, but not all of them. The corresponding list of files in my "01" file (copied from the centos list on the vserver site) is indexhtml-4-1.centos4 redhat-logos-1.1.25-1.centos4.3 setup-2.5.37-1.1 basesystem-8.0-4 tzdata-2004e-2 glibc-2.3.4-2 So it seems to have found basesystem-8.0-4 ok. Example of running yum * glibc-common-2.3.4-2.13.i 100% |=| 636 kB00:20 ---> Package glibc-common.i386 0:2.3.4-2.13 set to be updated ---> Downloading header for hwdata to pack into transaction set. hwdata-0.146.12.EL-1.noar 100% |=| 17 kB00:00 ---> Package hwdata.noarch 0:0.146.12.EL-1 set to be updated ---> Downloading header for pciutils to pack into transaction set. Error: failure: CentOS/RPMS/pciutils-2.1.99.test8-3.1.i386.rpm from base: [Errno 256] No more mirrors to try. rm -rf /etc/vservers/.defaults/vdirbase/min-centos4 /etc/vservers/min-centos4 /etc/vservers/.defaults/vdirbase/.pkg/min-centos4 [EMAIL PROTECTED] ~]# ./build_vserver_guest.sh Renamed '/etc/vservers/.defaults/vdirbase/min-centos4' to '/etc/vservers/.defaults/vdirbase/min-centos4.~1131012443~' Renamed '/etc/vservers/min-centos4' to '/etc/vservers/min-centos4.~1131012443~' Renamed '/etc/vservers/.defaults/vdirbase/.pkg/min-centos4' to '/etc/vservers/.defaults/vdirbase/.pkg/min-centos4.~1131012443~' Setting up Install Process Setting up repositories update100% |=| 951 B00:00 base 100% |=| 1.1 kB00:00 addons100% |=| 951 B00:00 extras100% |=| 1.1 kB00:00 Reading repository metadata in from local files primary.xml.gz100% |=| 16 kB00:00 update: ## 47/47 Added 47 new packages, deleted 0 old in 0.59 seconds primary.xml.gz100% |=| 466 kB00:14 base : ## 1434/1434 Added 1434 new packages, deleted 0 old in 12.58 seconds primary.xml.gz100% |=| 157 B00:00 Added 0 new packages, deleted 0 old in 0.01 seconds primary.xml.gz100% |=| 9.3 kB00:00 extras: ## 33/33 Added 33 new packages, deleted 0 old in 0.36 seconds Parsing package install arguments No Match for argument: indexhtml-4-1.centos4 No Match for argument: redhat-logos-1.1.25-1.centos4.3 No Match for argument: setup-2.5.37-1.1 No Match for argument: tzdata-2004e-2 No Match for argument: glibc-2.3.4-2 No Match for argument: chkconfig-1.3.11.2-1 No Match for argument: dmraid-1.0.0.rc5f-rhel4.1 No Match for argument: iputils-20020927-16 No Match for argument: centos-release-4-0.1 No Match for argument: net-tools-1.60-37 No Match for argument: perl-5.8.5-12.1 No Match for argument: popt-1.9.1-7_nonptl No Match for argument: rpmdb-CentOS-4.0-0.20050228 No Match for argument: vim-minimal-6.3.046-0.40E.4 No Match for argument: cpio-2.5-7.EL4.1 No Match for argument: coreutils-5.2.1-31 No Match for argument: grub-0.95-3.1 No Match for argument: krb5-libs-1.3.4-10 No Match for argument: openssl-0.9.7a-43.1 No Match for argument: rpm-libs-4.3.3-7_nonptl No Match for argument: shadow-utils-4.0.3-41.1 No Match for argument: dbus-glib-0.22-11.EL No Match for argument: nscd-2.3.4-2 No Match for argument: pam-0.77-65.1 No Match for argument: policycoreutils-1.18.1-4 No Match for argument: SysVinit-2.85-34 No Match for argument: lvm2-2.00.31-1.0.RHEL4 No Match for argument: kudzu-1.1.95.8-1 No Match for argument: comps-4.0CENTOS-0.20050228 No Match for argument: rmt-0.4b37-1 No Match for argument: bzip2-1.0.2-13 No Match for argument: logrotate-3.7.1-2 No Match for argument: rsh-0.17-25.1 No Match for argument: netconfig-0.8.21-1 No Match for argument: unix2dos-2.2-24 No Match for argument: binutils-2.15.92.0.2-10.EL4 No Match for argument