the NULL deref on umount in the 3.9.0-rc7 kernel

Li Zefan lizefan at huawei.com
Fri Apr 19 03:22:48 UTC 2013


On 2013/4/18 19:37, alexey.kodanev at oracle.com wrote:
> Hi All
> 
> I would like to report the NULL deref on umount. Tested it in Linux kernel 3.7.10 and it's still in the 3.9.0-rc7.
> 
> Test-case description:
> Mount cgroup filesystem with xattr option and create inside root cgroup another hierarchy.
> Then set an extended attribute on any files within the root hierarchy or sub hierarchy.
> Then remove (rmdir) the sub hierarchy and call umount on the cgroup filesystem. After that, umount crashes the kernel.
> 
> Also, if you don't remove the sub hierarchy (steps 1.4 & 2.9 in examples below), calling umount will produce nothing except that the cgroup filesystem will be unmounted (no cgroup files in the directory) but with an error: cgroups continue working, while calling mount again to get control access to the running cgroups will produce an error, such as filesystem is already mounted, but in /proc/mounts you don't have such a mount point. And there is no way to get control access back to the running cgroups, except for a reboot.
> 
> Here are some manual methods which will reproduce Linux crash.
> 
> 1. One way to reproduce this fault:
> 
>     1.1% mount -t cgroup cgroot_test -o xattr /sys/fs/cgroup
>     1.2% mkdir /sys/fs/cgroup/test_subsys
>     1.3% setfattr -n trusted.value -v test_value /sys/fs/cgroup/tasks
>     1.4% rmdir /sys/fs/cgroup/test_subsys
>     1.5% umount cgroot_test
> 

Thanks for the report!

A fix will follow soon.


