| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Aug 2018 16:32:46 -0400
From: Mike Snitzer <snitzer@...hat.com>
To: xiao jin <jin.xiao@...el.com>,
Mikulas Patocka <mpatocka@...hat.com>
Cc: agk@...hat.com, dm-devel@...hat.com, linux-kernel@...r.kernel.org,
yanmin.zhang@...el.com
Subject: Re: dm-bufio: adjust the reserved buffer for dm-verify-target.
On Wed, Aug 08 2018 at 2:40am -0400,
xiao jin <jin.xiao@...el.com> wrote:
> We hit the BUG() report at include/linux/scatterlist.h:144!
> The callback is as bellow:
> => verity_work
> => verity_hash_for_block
> => verity_verify_level
> => verity_hash
> => verity_hash_update
> => sg_init_one
> => sg_set_buf
>
> More debug shows the root cause. When creating dufio client it
> uses the __vmalloc() to allocate the buffer data for the reserved
> dm_buffer. The buffer that allocated by the __vmalloc() is invalid
> according to the __virt_addr_valid().
>
> Mostly the reserved dm_buffer is not touched. But occasionally
> it might fail to allocate the dm_buffer data when we try to
> allocate in the __alloc_buffer_wait_no_callback(). Then it has
> to take the reserved dm_buffer for usage. Finally it reports the
> BUG() as virt_addr_valid() detects the buffer data address is invalid.
>
> The patch is to adjust the reserved buffer for dm-verity-target. We
> allocated two dm_buffers into the reserved buffers list when creating
> the buffer interface. The first dm_buffer in the reserved buffer list
> is allocated by the __vmalloc(), it's not used after that. The second
> dm_buffer in the reserved buffer list is allocated by the
> __get_free_pages() which can be consumed after that.
>
> Signed-off-by: xiao jin <jin.xiao@...el.com>
> ---
> drivers/md/dm-bufio.c | 4 ++--
> drivers/md/dm-verity-target.c | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c
> index dc385b7..3b7ca5e 100644
> --- a/drivers/md/dm-bufio.c
> +++ b/drivers/md/dm-bufio.c
> @@ -841,7 +841,7 @@ static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client
> tried_noio_alloc = true;
> }
>
> - if (!list_empty(&c->reserved_buffers)) {
> + if (!c->need_reserved_buffers) {
> b = list_entry(c->reserved_buffers.next,
> struct dm_buffer, lru_list);
> list_del(&b->lru_list);
> @@ -1701,7 +1701,7 @@ struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsign
> goto bad;
> }
>
> - while (c->need_reserved_buffers) {
> + if (list_empty(&c->reserved_buffers)) {
> struct dm_buffer *b = alloc_buffer(c, GFP_KERNEL);
>
> if (!b) {
Point was to allocate N buffers (as accounted in
c->need_reserved_buffers). This change just allocates a single one.
Why?
Your header isn't clear on this at all.
> diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> index 12decdbd7..40c66fc 100644
> --- a/drivers/md/dm-verity-target.c
> +++ b/drivers/md/dm-verity-target.c
> @@ -1107,7 +1107,7 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
> v->hash_blocks = hash_position;
>
> v->bufio = dm_bufio_client_create(v->hash_dev->bdev,
> - 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux),
> + 1 << v->hash_dev_block_bits, 2, sizeof(struct buffer_aux),
> dm_bufio_alloc_callback, NULL);
> if (IS_ERR(v->bufio)) {
> ti->error = "Cannot initialize dm-bufio";
> --
> 2.7.4
>
> --
> dm-devel mailing list
> dm-devel@...hat.com
> https://www.redhat.com/mailman/listinfo/dm-devel
It isn't at all clear from my initial review that what you're doing
makes any sense.
Seems like you're just papering over bufio's use of !__virt_addr_valid()
memory in unintuitive ways.
Mikulas, can you see a better way forward?
Mike
Powered by blists - more mailing lists