lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1479290825-23201-1-git-send-email-ming.lei@canonical.com>
Date:   Wed, 16 Nov 2016 18:07:05 +0800
From:   Ming Lei <ming.lei@...onical.com>
To:     Jens Axboe <axboe@...com>, linux-kernel@...r.kernel.org
Cc:     linux-block@...r.kernel.org, Christoph Hellwig <hch@...radead.org>,
        Ming Lei <ming.lei@...onical.com>, Shaohua Li <shli@...com>,
        Jens Axboe <axboe@...nel.dk>
Subject: [PATCH] block: deal with stale req count of plug list

In both legacy and mq path, req count of plug list is computed
before allocating request, so the number can be stale when falling
back to slept allocation, also the new introduced wbt can sleep
too.

This patch deals with the case by checking if plug list becomes
empty, and fixes the KASAN report of 'BUG: KASAN: stack-out-of-bounds'
which is introduced by Shaohua's patches of dispatching big request.

Fixes: 600271d900002(blk-mq: immediately dispatch big size request)
Fixes: 50d24c34403c6(block: immediately dispatch big size request)
Cc: Shaohua Li <shli@...com>
Signed-off-by: Ming Lei <ming.lei@...onical.com>
---
 block/blk-core.c | 5 ++++-
 block/blk-mq.c   | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/block/blk-core.c b/block/blk-core.c
index eea246567884..473dd698effd 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1753,8 +1753,11 @@ static blk_qc_t blk_queue_bio(struct request_queue *q, struct bio *bio)
 		/*
 		 * If this is the first request added after a plug, fire
 		 * of a plug trace.
+		 *
+		 * @request_count may become stale because of schedule
+		 * out, so check plug list again.
 		 */
-		if (!request_count)
+		if (!request_count || list_empty(&plug->list))
 			trace_block_plug(q);
 		else {
 			struct request *last = list_entry_rq(plug->list.prev);
diff --git a/block/blk-mq.c b/block/blk-mq.c
index ae8df5ec20d3..f39e69c732cc 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -1497,6 +1497,13 @@ static blk_qc_t blk_sq_make_request(struct request_queue *q, struct bio *bio)
 		struct request *last = NULL;
 
 		blk_mq_bio_to_request(rq, bio);
+
+		/*
+		 * @request_count may become stale because of schedule
+		 * out, so check the list again.
+		 */
+		if (list_empty(&plug->mq_list))
+			request_count = 0;
 		if (!request_count)
 			trace_block_plug(q);
 		else
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ