[Apparmor-dev] OOPS in fuse_do_setattr()
John Johansen
jjohansen at suse.de
Wed Mar 19 10:48:25 MDT 2008
Luiz Fernando N. Capitulino wrote:
| On Tue, 18 Mar 2008 16:03:01 -0700
| John Johansen <jjohansen at suse.de> wrote:
|
| |
| | Luiz Fernando N. Capitulino wrote:
| | | Hello,
| | |
| | | A Mandriva user has reported an OOPS which seems to be caused by
| | | AppArmor. It happens with the AppArmor version for 2.6.24 kernels:
| | |
| | | """
| | | BUG: unable to handle kernel NULL pointer dereference at virtual address 00000148
| | | printing eip: e0f69e50 *pde = 00000000
| | | Oops: 0000 [#1] SMP
| | | Modules linked in: nfs lockd nfs_acl sunrpc fuse af_packet snd_seq_dummy snd_seq_oss snd_seq_midi_evente
| | |
| | | Pid: 4304, comm: rsync Not tainted (2.6.24.3-desktop-3mnb #1)
| | | EIP: 0060:[<e0f69e50>] EFLAGS: 00010206 CPU: 0
| | | EIP is at fuse_do_setattr+0x170/0x3b0 [fuse]
| | | EAX: 000000d8 EBX: df2c9f70 ECX: 00002041 EDX: 000000d8
| | | ESI: df1018d0 EDI: 00000000 EBP: df2c9f14 ESP: df2c9e20
| | | DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
| | | Process rsync (pid: 4304, ti=df2c8000 task=df153740 task.ti=df2c8000)
| | | Stack: c0146eea df2c9e2c c01e4db8 df2c9e90 df2c9e48 df2c9eb0 000000d8 df2a4000
| | | dee44800 df1018d0 00000000 00000000 00000000 00000000 00000000 00000000
| | | 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
| | | Call Trace:
| | | [<c010645a>] show_trace_log_lvl+0x1a/0x30
| | | [<c010651b>] show_stack_log_lvl+0xab/0xd0
| | | [<c01065fd>] show_registers+0xbd/0x1c0
| | | [<c010682e>] die+0x12e/0x260
| | | [<c012287f>] do_page_fault+0x33f/0x650
| | | [<c0344c7a>] error_code+0x72/0x78
| | | [<e0f6a0a1>] fuse_setattr+0x11/0x30 [fuse]
| | | [<c01a2d70>] notify_change+0x110/0x420
| | | [<c018d53c>] sys_fchmod+0xbc/0xf0
| | | [<c010532e>] sysenter_past_esp+0x6b/0xa1
| | | =======================
| | | Code: 00 00 85 ff 0f 84 7e 01 00 00 66 f7 c1 00 a0 0f 84 73 01 00 00 8d b6 00 00 00 00 8b 85 24 ff ff f
| | | EIP: [<e0f69e50>] fuse_do_setattr+0x170/0x3b0 [fuse] SS:ESP 0068:df2c9e20
| | | ---[ end trace 50a1735debb7586e ]---
| | | """
| | |
| | | I can reproduce it quite easily with the following script:
| | |
| | | """
| | | #!/bin/sh
| | |
| | | # Backing image for a small NTFS filesystem, mounted through ntfs-3g (FUSE).
| | | NFS_FILE=ntfs.fs
| | | MOUNT_P=/mnt/temp
| | | # Source tree to copy; /usr contains enough files to trigger the fchmod() path.
| | | CP_SOURCE=/usr/
| | |
| | | sync
| | |
| | | # Create and format the 256 MB image, then mount it via FUSE.
| | | dd if=/dev/zero of="$NFS_FILE" bs=1M count=256
| | | mkfs.ntfs -F "$NFS_FILE" 1> /dev/null
| | | mount "$NFS_FILE" "$MOUNT_P" -t ntfs-3g
| | |
| | | mount | grep "$NFS_FILE"
| | |
| | | echo
| | | echo mounted, trying to copy files
| | |
| | | # rsync -a preserves permissions, so it calls fchmod() on the copied files.
| | | rsync -a "$CP_SOURCE" "$MOUNT_P"
| | | """
| | |
| | | I think it's because of apparmor because I can't reproduce with
| | | a kernel compiled with no apparmor patches.
| | |
| | | But I didn't check the current 'for-mainline' patches yet.
| | |
| | | Is this problem a known issue?
| | |
| | Sadly it is, and has been fixed in the for-mainline development branch,
| | but the fix hasn't been released for AppArmor 2.1 yet. There is a 2.1.3
| | release coming, hopefully this week, that will address this bug.
|
| Do you know what patch has the fix? If yes, could you tell me what
| it is so that I can try to backport the fix?
|
| We have about ten days to release our last kernel to be included
| in the official distro and I'm afraid we won't have enough time
| for testing.
|
| Thanks for the help.
|
The problem stems from FUSE, and a few other filesystems, unconditionally
using ia_file if available and not checking the file type. This causes
them to break on special files.
The fix is based on some patches from Miklos Szeredi (Fuse
developer). Specifically fgetattr.diff, fsetattr.diff.
The fsetattr-reintro-ATTR_FILE.diff then adds back in the
ATTR_FILE which is needed to distinguish notify_change
events. The file-handle-ops.diff patch then needs to be updated
to handle the changes from the previous patches.
I had been planning on reworking the patches for 2.1.3 so that they
just patched Fuse, and the other filesystems, to check the file type,
which seemed better than introducing another vfs change for the 2.1.3
maintenance branch, but in the end I just may stick with the
fsetattr.diff approach.
For now at least I have introduced the patches into the 2.1 tree, and
committed. So you should only have to pull from the svn
https://forgesvn1.novell.com/svn/apparmor/branches/2_1/kernel-patches/2.6.24/
cheers
john