| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <83a56a54-3269-ecb9-f4ae-01c3f9717279@kernel.dk>
Date: Tue, 12 Nov 2019 07:23:23 -0800
From: Jens Axboe <axboe@...nel.dk>
To: Paolo Valente <paolo.valente@...aro.org>
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
ulf.hansson@...aro.org, linus.walleij@...aro.org,
bfq-iosched@...glegroups.com, oleksandr@...alenko.name,
Chris Evich <cevich@...hat.com>,
Patrick Dung <patdung100@...il.com>,
Thorsten Schubert <tschubert@...h.org>
Subject: Re: [PATCH BUGFIX] block, bfq: deschedule empty bfq_queues not
referred by any process
On 11/11/19 11:48 PM, Paolo Valente wrote:
> Since commit 3726112ec731 ("block, bfq: re-schedule empty queues if
> they deserve I/O plugging"), to prevent the service guarantees of a
> bfq_queue from being violated, the bfq_queue may be left busy, i.e.,
> scheduled for service, even if empty (see comments in
> __bfq_bfqq_expire() for details). But, if no process will send
> requests to the bfq_queue any longer, then there is no point in
> keeping the bfq_queue scheduled for service.
>
> In addition, keeping the bfq_queue scheduled for service, but with no
> process reference any longer, may cause the bfq_queue to be freed when
> descheduled from service. But this is assumed to never happen, and
> causes a UAF if it happens. This, in turn, caused crashes [1, 2].
>
> This commit fixes this issue by descheduling an empty bfq_queue when
> it remains with not process reference.
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1767539
> [2] https://bugzilla.kernel.org/show_bug.cgi?id=205447
Applied, thanks.
--
Jens Axboe
Powered by blists - more mailing lists