lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 15 May 2019 12:20:54 -0400
From:   Mike Snitzer <snitzer@...hat.com>
To:     Helen Koike <helen.koike@...labora.com>
Cc:     dm-devel@...hat.com, kernel@...labora.com,
        linux-kernel@...r.kernel.org, Alasdair Kergon <agk@...hat.com>
Subject: Re: dm ioctl: fix hang in early create error condition

On Wed, May 15 2019 at 12:12pm -0400,
Helen Koike <helen.koike@...labora.com> wrote:

> Hi,
> 
> On 5/13/19 10:37 PM, Mike Snitzer wrote:
> > On Mon, May 13 2019 at  3:25P -0400,
> > Helen Koike <helen.koike@...labora.com> wrote:
> > 
> >> The dm_early_create() function (which deals with "dm-mod.create=" kernel
> >> command line option) calls dm_hash_insert() who gets an extra reference
> >> to the md object.
> >>
> >> In case of failure, this reference wasn't being released, causing
> >> dm_destroy() to hang, thus hanging the whole boot process.
> >>
> >> Fix this by calling __hash_remove() in the error path.
> >>
> >> Fixes: 6bbc923dfcf57d ("dm: add support to directly boot to a mapped device")
> >> Cc: stable@...r.kernel.org
> >> Signed-off-by: Helen Koike <helen.koike@...labora.com>
> >>
> >> ---
> >> Hi,
> >>
> >> I tested this patch by adding a new test case in the following test
> >> script:
> >>
> >> https://gitlab.collabora.com/koike/dm-cmdline-test/commit/d2d7a0ee4a49931cdb59f08a837b516c2d5d743d
> >>
> >> This test was failing, but with this patch it works correctly.
> >>
> >> Thanks
> >> Helen
> > 
> > Thanks for the patch but I'd prefer the following simpler fix.  What do
> > you think?
> > 
> > That said, I can provide a follow-on patch (inspired by the patch you
> > provided) that encourages more code sharing between dm_early_create()
> > and dev_create() by factoring out __dev_create().
> 
> Sounds great.
> 
> > 
> > diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
> > index c740153b4e52..0eb0b462c736 100644
> > --- a/drivers/md/dm-ioctl.c
> > +++ b/drivers/md/dm-ioctl.c
> > @@ -2117,6 +2117,7 @@ int __init dm_early_create(struct dm_ioctl *dmi,
> >  err_destroy_table:
> >  	dm_table_destroy(t);
> >  err_destroy_dm:
> > +	(void) __hash_remove(__find_device_hash_cell(dmi));
> >  	dm_put(md);
> >  	dm_destroy(md);
> >  	return r;
> > 
> 
> This doesn't really work for two reasons:
> 
> 1) __find_device_hash_cell() requires a mutual exclusivity between name,
> uuid and dev. In dm_early_create(), dmi can have more then one of these.

__find_device_hash_cell's exclusivity requirements are strange; I'll try
to understand what requires this.

> 2) I can fix (1) by calling __get_name_cell(), as the name is mandatory
> anyway, but this function also grabs another reference to the md object,
> so I need to add an extra dm_put(md) there:
> 
>  err_destroy_table:
>         dm_table_destroy(t);
> +err_hash_remove:
> +       (void) __hash_remove(__get_name_cell(dmi->name));
> +       dm_put(md);
>  err_destroy_dm:
>         dm_put(md);
>         dm_destroy(md);
> 
> 
> What do you think? Is this ok?

I think so.  Please submit a v2 and I'll rebase my followon patch
accordingly and will get it posted.

Thanks,
Mike

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ