Re: Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1]
On Sun, 22 Jul 2007 23:48:14 +0200 "J.A. Magallón" <[EMAIL PROTECTED]> wrote: > On Thu, 28 Jun 2007 03:43:21 -0700, Andrew Morton <[EMAIL PROTECTED]> wrote: > > > > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc6/2.6.22-rc6-mm1/ > > > > I have noticed a funny problem. > Lets say 666 is not an uid used on you system. This oopses: > > rm -f dummy > touch dummy > chown 666 dummy > touch dummy Does Linus's fix fix it? commit 1e5de2837c166535f9bb4232bfe97ea1f9fc7a1c Author: Linus Torvalds <[EMAIL PROTECTED]> Date: Sun Jul 8 12:02:55 2007 -0700 Fix permission checking for the new utimensat() system call Commit 1c710c896eb461895d3c399e15bb5f20b39c9073 added the utimensat() system call, but didn't handle the case of checking for the writability of the target right, when the target was a file descriptor, not a filename. We cannot use vfs_permission(MAY_WRITE) for that case, and need to simply check whether the file descriptor is writable. The oops from using the wrong function was noticed and narrowed down by Markus Trippelsdorf. Cc: Ulrich Drepper <[EMAIL PROTECTED]> Cc: Markus Trippelsdorf <[EMAIL PROTECTED]> Cc: Andrew Morton <[EMAIL PROTECTED]> Acked-by: Al Viro <[EMAIL PROTECTED]> Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]> diff --git a/fs/utimes.c b/fs/utimes.c index 480f7c8..b3c8895 100644 --- a/fs/utimes.c +++ b/fs/utimes.c @@ -106,9 +106,16 @@ long do_utimes(int dfd, char __user *fil if (IS_IMMUTABLE(inode)) goto dput_and_out; - if (current->fsuid != inode->i_uid && - (error = vfs_permission(, MAY_WRITE)) != 0) - goto dput_and_out; + if (current->fsuid != inode->i_uid) { + if (f) { + if (!(f->f_mode & FMODE_WRITE)) + goto dput_and_out; + } else { + error = vfs_permission(, MAY_WRITE); + if (error) + goto dput_and_out; + } + } } mutex_lock(>i_mutex); error = notify_change(dentry, ); - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1]
On Sun, 22 Jul 2007 23:48:14 +0200 J.A. Magallón [EMAIL PROTECTED] wrote: On Thu, 28 Jun 2007 03:43:21 -0700, Andrew Morton [EMAIL PROTECTED] wrote: ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc6/2.6.22-rc6-mm1/ I have noticed a funny problem. Lets say 666 is not an uid used on you system. This oopses: rm -f dummy touch dummy chown 666 dummy touch dummy Does Linus's fix fix it? commit 1e5de2837c166535f9bb4232bfe97ea1f9fc7a1c Author: Linus Torvalds [EMAIL PROTECTED] Date: Sun Jul 8 12:02:55 2007 -0700 Fix permission checking for the new utimensat() system call Commit 1c710c896eb461895d3c399e15bb5f20b39c9073 added the utimensat() system call, but didn't handle the case of checking for the writability of the target right, when the target was a file descriptor, not a filename. We cannot use vfs_permission(MAY_WRITE) for that case, and need to simply check whether the file descriptor is writable. The oops from using the wrong function was noticed and narrowed down by Markus Trippelsdorf. Cc: Ulrich Drepper [EMAIL PROTECTED] Cc: Markus Trippelsdorf [EMAIL PROTECTED] Cc: Andrew Morton [EMAIL PROTECTED] Acked-by: Al Viro [EMAIL PROTECTED] Signed-off-by: Linus Torvalds [EMAIL PROTECTED] diff --git a/fs/utimes.c b/fs/utimes.c index 480f7c8..b3c8895 100644 --- a/fs/utimes.c +++ b/fs/utimes.c @@ -106,9 +106,16 @@ long do_utimes(int dfd, char __user *fil if (IS_IMMUTABLE(inode)) goto dput_and_out; - if (current-fsuid != inode-i_uid - (error = vfs_permission(nd, MAY_WRITE)) != 0) - goto dput_and_out; + if (current-fsuid != inode-i_uid) { + if (f) { + if (!(f-f_mode FMODE_WRITE)) + goto dput_and_out; + } else { + error = vfs_permission(nd, MAY_WRITE); + if (error) + goto dput_and_out; + } + } } mutex_lock(inode-i_mutex); error = notify_change(dentry, newattrs); - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1]
On Sun, 22 Jul 2007 23:48:14 +0200 J.A. Magallón wrote: > On Thu, 28 Jun 2007 03:43:21 -0700, Andrew Morton <[EMAIL PROTECTED]> wrote: > > > > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc6/2.6.22-rc6-mm1/ > > so is this 2.6.22-rc6-mm1 or is it as Oops says: 2.6.21-jam12 ? I tested 2.6.22-rc6-mm1 and couldn't reproduce this. Maybe your .config file would help. > I have noticed a funny problem. > Lets say 666 is not an uid used on you system. This oopses: > > rm -f dummy > touch dummy > chown 666 dummy > touch dummy > > Oops: > > BUG: unable to handle kernel NULL pointer dereference at virtual address > 006a > printing eip: > c0165281 > *pde = > Oops: [#2] > PREEMPT SMP > Modules linked in: w83627hf hwmon_vid hwmon i2c_dev loop floppy udf microcode > snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm nvidia(P) snd_timer > 3c59x snd_page_alloc snd_util_mem snd_hwdep snd usblp ohci1394 e1000 ieee1394 > sata_promise emu10k1_gp gameport intel_agp i2c_i801 agpgart evdev sg > CPU:3 > EIP:0060:[]Tainted: P D VLI > EFLAGS: 00210297 (2.6.21-jam12 #1) > EIP is at permission+0x4/0xa1 > eax: ebx: c5785aa0 ecx: c43a1f04 edx: 0002 > esi: edi: ebp: c3442c00 esp: c43a1ef0 > ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068 > Process touch (pid: 8401, ti=c43a1000 task=c25d69b0 task.ti=c43a1000) > Stack: c5785aa0 fff3 c017ba84 c43e9c50 c55c52a8 c43e9c50 c344ab7c > 00c9 > c3442c00 b7f14f70 c4f574d0 c2ea5400 > c03ef580 > 0004 b7f14f70 c0125cac > c4f574d0 > Call Trace: > [] do_utimes+0x174/0x1b9 > [] __atomic_notifier_call_chain+0x27/0x4d > [] do_page_fault+0x523/0x68d > [] sys_utimensat+0x22/0x92 > [] do_page_fault+0x0/0x68d > [] sysenter_past_esp+0x5f/0x85 > [] packet_setsockopt+0x279/0x325 > === > Code: eb b1 66 c1 ee 06 8d 74 26 00 eb 8c 83 e7 02 75 c5 b8 02 00 00 00 8d 74 > 26 00 e8 16 bf fb ff 85 c0 74 b3 31 c0 eb c9 56 53 89 c6 <0f> b7 58 6a f6 c2 > 02 74 31 8b 80 a4 00 00 00 f6 40 30 01 74 1c > EIP: [] permission+0x4/0xa1 SS:ESP 0068:c43a1ef0 > > Any ideas ? --- ~Randy *** Remember to use Documentation/SubmitChecklist when testing your code *** - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1]
On Thu, 28 Jun 2007 03:43:21 -0700, Andrew Morton <[EMAIL PROTECTED]> wrote: > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc6/2.6.22-rc6-mm1/ > I have noticed a funny problem. Lets say 666 is not an uid used on you system. This oopses: rm -f dummy touch dummy chown 666 dummy touch dummy Oops: BUG: unable to handle kernel NULL pointer dereference at virtual address 006a printing eip: c0165281 *pde = Oops: [#2] PREEMPT SMP Modules linked in: w83627hf hwmon_vid hwmon i2c_dev loop floppy udf microcode snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm nvidia(P) snd_timer 3c59x snd_page_alloc snd_util_mem snd_hwdep snd usblp ohci1394 e1000 ieee1394 sata_promise emu10k1_gp gameport intel_agp i2c_i801 agpgart evdev sg CPU:3 EIP:0060:[]Tainted: P D VLI EFLAGS: 00210297 (2.6.21-jam12 #1) EIP is at permission+0x4/0xa1 eax: ebx: c5785aa0 ecx: c43a1f04 edx: 0002 esi: edi: ebp: c3442c00 esp: c43a1ef0 ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068 Process touch (pid: 8401, ti=c43a1000 task=c25d69b0 task.ti=c43a1000) Stack: c5785aa0 fff3 c017ba84 c43e9c50 c55c52a8 c43e9c50 c344ab7c 00c9 c3442c00 b7f14f70 c4f574d0 c2ea5400 c03ef580 0004 b7f14f70 c0125cac c4f574d0 Call Trace: [] do_utimes+0x174/0x1b9 [] __atomic_notifier_call_chain+0x27/0x4d [] do_page_fault+0x523/0x68d [] sys_utimensat+0x22/0x92 [] do_page_fault+0x0/0x68d [] sysenter_past_esp+0x5f/0x85 [] packet_setsockopt+0x279/0x325 === Code: eb b1 66 c1 ee 06 8d 74 26 00 eb 8c 83 e7 02 75 c5 b8 02 00 00 00 8d 74 26 00 e8 16 bf fb ff 85 c0 74 b3 31 c0 eb c9 56 53 89 c6 <0f> b7 58 6a f6 c2 02 74 31 8b 80 a4 00 00 00 f6 40 30 01 74 1c EIP: [] permission+0x4/0xa1 SS:ESP 0068:c43a1ef0 Any ideas ? -- J.A. Magallon \ Software is like sex: \ It's better when it's free Mandriva Linux release 2008.0 (Cooker) for i586 Linux 2.6.21-jam12 (gcc 4.2.1 20070704 (4.2.1-3mdv2008.0)) SMP PREEMPT 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1]
On Thu, 28 Jun 2007 03:43:21 -0700, Andrew Morton [EMAIL PROTECTED] wrote: ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc6/2.6.22-rc6-mm1/ I have noticed a funny problem. Lets say 666 is not an uid used on you system. This oopses: rm -f dummy touch dummy chown 666 dummy touch dummy Oops: BUG: unable to handle kernel NULL pointer dereference at virtual address 006a printing eip: c0165281 *pde = Oops: [#2] PREEMPT SMP Modules linked in: w83627hf hwmon_vid hwmon i2c_dev loop floppy udf microcode snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm nvidia(P) snd_timer 3c59x snd_page_alloc snd_util_mem snd_hwdep snd usblp ohci1394 e1000 ieee1394 sata_promise emu10k1_gp gameport intel_agp i2c_i801 agpgart evdev sg CPU:3 EIP:0060:[c0165281]Tainted: P D VLI EFLAGS: 00210297 (2.6.21-jam12 #1) EIP is at permission+0x4/0xa1 eax: ebx: c5785aa0 ecx: c43a1f04 edx: 0002 esi: edi: ebp: c3442c00 esp: c43a1ef0 ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068 Process touch (pid: 8401, ti=c43a1000 task=c25d69b0 task.ti=c43a1000) Stack: c5785aa0 fff3 c017ba84 c43e9c50 c55c52a8 c43e9c50 c344ab7c 00c9 c3442c00 b7f14f70 c4f574d0 c2ea5400 c03ef580 0004 b7f14f70 c0125cac c4f574d0 Call Trace: [c017ba84] do_utimes+0x174/0x1b9 [c0125cac] __atomic_notifier_call_chain+0x27/0x4d [c0111a06] do_page_fault+0x523/0x68d [c017bbb3] sys_utimensat+0x22/0x92 [c01114e3] do_page_fault+0x0/0x68d [c0102902] sysenter_past_esp+0x5f/0x85 [c030] packet_setsockopt+0x279/0x325 === Code: eb b1 66 c1 ee 06 8d 74 26 00 eb 8c 83 e7 02 75 c5 b8 02 00 00 00 8d 74 26 00 e8 16 bf fb ff 85 c0 74 b3 31 c0 eb c9 56 53 89 c6 0f b7 58 6a f6 c2 02 74 31 8b 80 a4 00 00 00 f6 40 30 01 74 1c EIP: [c0165281] permission+0x4/0xa1 SS:ESP 0068:c43a1ef0 Any ideas ? -- J.A. Magallon jamagallon()ono!com \ Software is like sex: \ It's better when it's free Mandriva Linux release 2008.0 (Cooker) for i586 Linux 2.6.21-jam12 (gcc 4.2.1 20070704 (4.2.1-3mdv2008.0)) SMP PREEMPT 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1]
On Sun, 22 Jul 2007 23:48:14 +0200 J.A. Magallón wrote: On Thu, 28 Jun 2007 03:43:21 -0700, Andrew Morton [EMAIL PROTECTED] wrote: ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc6/2.6.22-rc6-mm1/ so is this 2.6.22-rc6-mm1 or is it as Oops says: 2.6.21-jam12 ? I tested 2.6.22-rc6-mm1 and couldn't reproduce this. Maybe your .config file would help. I have noticed a funny problem. Lets say 666 is not an uid used on you system. This oopses: rm -f dummy touch dummy chown 666 dummy touch dummy Oops: BUG: unable to handle kernel NULL pointer dereference at virtual address 006a printing eip: c0165281 *pde = Oops: [#2] PREEMPT SMP Modules linked in: w83627hf hwmon_vid hwmon i2c_dev loop floppy udf microcode snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm nvidia(P) snd_timer 3c59x snd_page_alloc snd_util_mem snd_hwdep snd usblp ohci1394 e1000 ieee1394 sata_promise emu10k1_gp gameport intel_agp i2c_i801 agpgart evdev sg CPU:3 EIP:0060:[c0165281]Tainted: P D VLI EFLAGS: 00210297 (2.6.21-jam12 #1) EIP is at permission+0x4/0xa1 eax: ebx: c5785aa0 ecx: c43a1f04 edx: 0002 esi: edi: ebp: c3442c00 esp: c43a1ef0 ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068 Process touch (pid: 8401, ti=c43a1000 task=c25d69b0 task.ti=c43a1000) Stack: c5785aa0 fff3 c017ba84 c43e9c50 c55c52a8 c43e9c50 c344ab7c 00c9 c3442c00 b7f14f70 c4f574d0 c2ea5400 c03ef580 0004 b7f14f70 c0125cac c4f574d0 Call Trace: [c017ba84] do_utimes+0x174/0x1b9 [c0125cac] __atomic_notifier_call_chain+0x27/0x4d [c0111a06] do_page_fault+0x523/0x68d [c017bbb3] sys_utimensat+0x22/0x92 [c01114e3] do_page_fault+0x0/0x68d [c0102902] sysenter_past_esp+0x5f/0x85 [c030] packet_setsockopt+0x279/0x325 === Code: eb b1 66 c1 ee 06 8d 74 26 00 eb 8c 83 e7 02 75 c5 b8 02 00 00 00 8d 74 26 00 e8 16 bf fb ff 85 c0 74 b3 31 c0 eb c9 56 53 89 c6 0f b7 58 6a f6 c2 02 74 31 8b 80 a4 00 00 00 f6 40 30 01 74 1c EIP: [c0165281] permission+0x4/0xa1 SS:ESP 0068:c43a1ef0 Any ideas ? --- ~Randy *** Remember to use Documentation/SubmitChecklist when testing your code *** - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/