lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160919183429.GD21803@vader>
Date:   Mon, 19 Sep 2016 11:34:29 -0700
From:   Omar Sandoval <osandov@...ndov.com>
To:     Alexander Gordeev <agordeev@...hat.com>
Cc:     linux-kernel@...r.kernel.org, linux-block@...r.kernel.org
Subject: Re: [PATCH 02/14] blk-mq: Fix a potential NULL pointer assignment to
 hctx tags

On Sun, Sep 18, 2016 at 09:37:12AM +0200, Alexander Gordeev wrote:
> If number of used hardware queues is dynamically decreased
> then tags corresponding to the newly unused queues are freed.
> 
> If previously unused hardware queues are then reused again
> they will start referring the previously freed tags.
> 
> CC: linux-block@...r.kernel.org
> Signed-off-by: Alexander Gordeev <agordeev@...hat.com>
> ---
>  block/blk-mq.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index 66505af7..7fa58fe 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -1995,6 +1995,8 @@ static void blk_mq_realloc_hw_ctxs(struct blk_mq_tag_set *set,
>  
>  		if (hctxs[i])
>  			continue;
> +		if (!set->tags[i])
> +			break;
>  
>  		node = blk_mq_hw_queue_to_node(q->mq_map, i);
>  		hctxs[i] = kzalloc_node(sizeof(struct blk_mq_hw_ctx),

In blk_mq_map_swqueue(), we have:

		/* unmapped hw queue can be remapped after CPU topo changed */
		if (!set->tags[i])
			set->tags[i] = blk_mq_init_rq_map(set, i);
		hctx->tags = set->tags[i];
		WARN_ON(!hctx->tags);

blk_mq_map_swqueue() is called from blk_mq_queue_reinit(), which we call
from blk_mq_update_nr_hw_queues(). Is that not enough? This
initialization/resizing is a bit of a twisty maze and it's hard to
convince myself that it's all correct, so cleanup here is probably
valuable.

-- 
Omar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ