| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Feb 2018 17:19:14 +0100
From: Jan Kara <jack@...e.cz>
To: Tejun Heo <tj@...nel.org>
Cc: Jens Axboe <axboe@...nel.dk>, Miklos Szeredi <miklos@...redi.hu>,
Joshua Miller <joshmiller@...com>, kernel-team@...com,
Johannes Weiner <hannes@...xchg.org>, Jan Kara <jack@...e.cz>,
stable@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 1/2] bdi: make sure congestion states are clear on free
On Fri 02-02-18 09:53:28, Tejun Heo wrote:
> FUSE has a bug where it fails to clear congestion states if a
> connection gets aborted while congested, which can leave
> nr_wb_congested[] stuck until reboot causing wait_iff_congested() to
> wait spuriously.
>
> While the bdi owner, FUSE, is primarily responsible for clearing
> congestion states before destroying bdi_writebacks, bdi layer can
> ensure that congestion states are not leaked beyond bdi_writeback
> lifecycle.
>
> Signed-off-by: Tejun Heo <tj@...nel.org>
> Reported-by: Joshua Miller <joshmiller@...com>
> Cc: Johannes Weiner <hannes@...xchg.org>
> Cc: Jan Kara <jack@...e.cz>
> Cc: stable@...r.kernel.org
Looks good. You can add:
Reviewed-by: Jan Kara <jack@...e.cz>
Honza
> ---
> include/linux/backing-dev.h | 14 +++++++++++++-
> mm/backing-dev.c | 2 +-
> 2 files changed, 14 insertions(+), 2 deletions(-)
>
> --- a/include/linux/backing-dev.h
> +++ b/include/linux/backing-dev.h
> @@ -220,6 +220,18 @@ static inline int bdi_sched_wait(void *w
> return 0;
> }
>
> +static inline void __wb_congested_free(struct bdi_writeback_congested *congested)
> +{
> + /*
> + * Make sure congestion states are cleared before freeing to avoid
> + * nr_wb_congested() corruption which can lead to misbehaving
> + * wait_iff_congested().
> + */
> + clear_wb_congested(congested, BLK_RW_SYNC);
> + clear_wb_congested(congested, BLK_RW_ASYNC);
> + kfree(congested);
> +}
> +
> #ifdef CONFIG_CGROUP_WRITEBACK
>
> struct bdi_writeback_congested *
> @@ -409,7 +421,7 @@ wb_congested_get_create(struct backing_d
> static inline void wb_congested_put(struct bdi_writeback_congested *congested)
> {
> if (atomic_dec_and_test(&congested->refcnt))
> - kfree(congested);
> + __wb_congested_free(congested);
> }
>
> static inline struct bdi_writeback *wb_find_current(struct backing_dev_info *bdi)
> --- a/mm/backing-dev.c
> +++ b/mm/backing-dev.c
> @@ -509,7 +509,7 @@ void wb_congested_put(struct bdi_writeba
> }
>
> spin_unlock_irqrestore(&cgwb_lock, flags);
> - kfree(congested);
> + __wb_congested_free(congested);
> }
>
> static void cgwb_release_workfn(struct work_struct *work)
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists