From: Nick Owens
Date: Wed, 15 Aug 2018 19:44:13 -0700
Subject: hjfs stack overflow
To: 9front@9front.org

there is a stack overflow in hjfs, trivially reproducible by executing:

# set up a new temporary disk
dd -if /dev/zero -of /tmp/hjfs.tmp -oseek 52428800 -count 1
hjfs -n hjfs.tmp -f /tmp/hjfs.tmp -S -r -m 16
echo newuser $user > /srv/hjfs.tmp.cmd
mount -cC /srv/hjfs.tmp /n/hjfs.tmp
cd /n/hjfs.tmp
# crash hjfs
mkdir -p `{seq 1000 | tr '\xa' /}

the function willmodify is recursive, and appears to recurse for each
element in the directory path. possible solutions i see are make it
iterative, or have it call needstack() from libthread and return an
error when out of stack.

below is a stack trace with the majority of the recursive calls clipped out.

/proc/143864/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
$home/lib/acid
acid: abort()+0x0 /sys/src/libc/9sys/abort.c:6
needstack(n=0x80)+0xa5 /sys/src/libthread/sched.c:95
	x=0x217c2afefefefe
_sched()+0x27 /sys/src/libthread/sched.c:109
	p=0x1424da0
	t=0x15b6bd8
_threadrendezvous(tag=0x15b6df0,val=0x0)+0x132 /sys/src/libthread/rendez.c:56
	l=0x40dc68
	t=0x15b6bd8
	ret=0x1424da0
alt(alts=0x15b6e40)+0x1ed /sys/src/libthread/channel.c:172
	t=0x15b6bd8
	s=0x0
	n=0x0
	a=0x0
	c=0x0
	xa=0x15b6e40
	ca=0x0
	waiting=0x1
	allreadycl=0x100000000
	r=0xfefefefefefefefe
runop(c=0x418500,v=0x15b6f28,nb=0xfefefefe00000000)+0x52 /sys/src/libthread/channel.c:314
	a=0x418500
recv(v=0x15b6f28)+0x28 /sys/src/libthread/channel.c:321
getbuf(d=0x1435c10,off=0x4,nodata=0xfefefefe00000000,type=0xfefefefe00000004)+0x92 /sys/src/cmd/hjfs/buf.c:268
	req=0x1435c10
	th=0x4184c0
	b=0xfefefefefefefefe
chref(r=0x12c4,stat=0x0)+0x53 /sys/src/cmd/hjfs/fs1.c:18
	j=0xfefefefe000002c5
	rc=0x2c5fefefefe
willmodify(l=0x1628098,fs=0x15fae18,nolock=0x1)+0x96 /sys/src/cmd/hjfs/dump.c:133
	p=0x217f20
	d=0x1425780
	i=0xfefefefefefefefe
	r=0x20cea0
[ ... ]
willmodify(l=0x423640,fs=0x15fae18,nolock=0xffffffff00000001)+0x6f /sys/src/cmd/hjfs/dump.c:131
	p=0x1628d68
	d=0x15fae18
	i=0x21b8e7
	r=0x70020cea0
willmodify(l=0x4236e0,fs=0x15fae18,nolock=0x0)+0x6f /sys/src/cmd/hjfs/dump.c:131
	p=0x1424da0
	d=0x20cea0
	i=0x203b88
	r=0x405101
chancreat(ch=0x418020,name=0x15fbb84,perm=0x800001ff,mode=0xfefefefe00000000)+0xd9 /sys/src/cmd/hjfs/fs2.c:119
	b=0x0
	l=0x0
	isdir=0x403f3800000001
	d=0x403f38
	f=0x20fba0
workerproc()+0x1dd /sys/src/cmd/hjfs/9p.c:216
	ch=0x418020
	req=0x1628a98
	o=0x1628bc0
launcheramd64(arg=0x0,f=0x2097b7)+0x10 /sys/src/libthread/amd64.c:11
0xfefefefefefefefe ?file?:0
acid: echo kill > /proc/143864/ctl
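
The two fixes proposed in the message, sketched in portable C as an added example (this is not hjfs code and not part of the original post). Loc is a simplified stand-in with only a parent pointer, the names MAXDEPTH, modify_bounded, modify_iter and mkchain are hypothetical, and a fixed depth budget stands in for a libthread stack check.

```c
#include <stdlib.h>

/* Simplified model (assumption, not hjfs's real Loc): next is the parent. */
typedef struct Loc { struct Loc *next; int seq; } Loc;	/* seq: processing order, 0 = untouched */
enum { MAXDEPTH = 64 };			/* hypothetical recursion budget */

/* Recursive: parent first, one frame per path element; -1 (nothing touched) past the budget. */
int modify_bounded(Loc *l, int depth, int *counter)
{
	if(l == NULL)
		return 0;
	if(depth >= MAXDEPTH || modify_bounded(l->next, depth + 1, counter) < 0)
		return -1;
	l->seq = ++*counter;
	return 0;
}

/* Iterative: same root-first order; the path lives on the heap, not the stack. */
int modify_iter(Loc *leaf, int *counter)
{
	size_t n = 0, i = 0;
	Loc *l, **path;
	for(l = leaf; l != NULL; l = l->next)
		n++;
	if(n == 0)
		return 0;
	if((path = malloc(n * sizeof *path)) == NULL)
		return -1;
	for(l = leaf; l != NULL; l = l->next)
		path[i++] = l;
	while(i > 0)
		path[--i]->seq = ++*counter;	/* root first, leaf last */
	free(path);
	return 0;
}

/* Build a constructed chain of n >= 1 nodes in c; c[0] is the root. Returns the leaf. */
Loc *mkchain(Loc *c, size_t n)
{
	for(size_t i = 0; i < n; i++)
		c[i] = (Loc){ i ? &c[i-1] : NULL, 0 };
	return &c[n-1];
}

int main(void)
{
	static Loc c[1000];	/* constructed 1000-element path, as in the mkdir -p reproduction */
	int k = 0;
	return modify_bounded(mkchain(c, 1000), 0, &k) == -1 && modify_iter(c + 999, &k) == 0 ? 0 : 1;
}
```

The bounded form rejects a deep path cleanly because the depth check runs on the way down, before any node is modified; the iterative form accepts any depth and can fail only on allocation.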