http://bugzilla.opensuse.org/show_bug.cgi?id=1004532 Bug ID: 1004532 Summary: kernel: local DoS due to a page lock order bug in the XFS seek hole/data implementation Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Reference: http://seclists.org/oss-sec/2016/q4/118 =========================================== Running the trinity syscall fuzzer inside a docker container as an non-privileged user below, $ trinity -g vfs --arch 64 --disable-fds=sockets --disable-fds=perf --disable-fds=epoll --disable-fds=eventfd --disable-fds=pseudo --disable-fds=timerfd --disable-fds=memfd --disable-fds=drm always trigger a deadlock/hang at the fdatasync() syscall within 30 minutes with traces (including sysrq-w info as well) like this, http://people.redhat.com/qcai/tmp/dmesg This can be reproduced on any kernel post v4.4-rc1 as long as including this commit. fc0561cefc04e7803c0f6501ca4f310a502f65b8 xfs: optimise away log forces on timestamp updates for fdatasync Reverted the above commit against the latest mainline allows the trinity to run more than 10 hours without any deadlock/hang. This had also been reported to the XFS maintainer and diagnosed as a page lock order bug in the XFS seek hole/data implementation and presumably is still working on a fix better than to revert the above commit. CAI Qian =========================================== -- You are receiving this mail because: You are on the CC list for the bug.