lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 13 Jan 2020 14:44:52 -0500
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     linux-ext4@...r.kernel.org, linux-fscrypt@...r.kernel.org
Subject: Re: [PATCH] ext4: fix deadlock allocating crypto bounce page from
 mempool

On Tue, Dec 31, 2019 at 12:11:49PM -0600, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
> 
> ext4_writepages() on an encrypted file has to encrypt the data, but it
> can't modify the pagecache pages in-place, so it encrypts the data into
> bounce pages and writes those instead.  All bounce pages are allocated
> from a mempool using GFP_NOFS.
> 
> This is not correct use of a mempool, and it can deadlock.  This is
> because GFP_NOFS includes __GFP_DIRECT_RECLAIM, which enables the "never
> fail" mode for mempool_alloc() where a failed allocation will fall back
> to waiting for one of the preallocated elements in the pool.
> 
> But since this mode is used for all a bio's pages and not just the
> first, it can deadlock waiting for pages already in the bio to be freed.
> 
> This deadlock can be reproduced by patching mempool_alloc() to pretend
> that pool->alloc() always fails (so that it always falls back to the
> preallocations), and then creating an encrypted file of size > 128 KiB.
> 
> Fix it by only using GFP_NOFS for the first page in the bio.  For
> subsequent pages just use GFP_NOWAIT, and if any of those fail, just
> submit the bio and start a new one.
> 
> This will need to be fixed in f2fs too, but that's less straightforward.
> 
> Fixes: c9af28fdd449 ("ext4 crypto: don't let data integrity writebacks fail with ENOMEM")
> Cc: stable@...r.kernel.org
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>

Applied, thanks.

					- Ted

Powered by blists - more mailing lists