lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200429074627.5955-1-mcgrof@kernel.org>
Date:   Wed, 29 Apr 2020 07:46:21 +0000
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     axboe@...nel.dk, viro@...iv.linux.org.uk, bvanassche@....org,
        gregkh@...uxfoundation.org, rostedt@...dmis.org, mingo@...hat.com,
        jack@...e.cz, ming.lei@...hat.com, nstange@...e.de,
        akpm@...ux-foundation.org
Cc:     mhocko@...e.com, yukuai3@...wei.com, linux-block@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, Luis Chamberlain <mcgrof@...nel.org>
Subject: [PATCH v3 0/6] block: fix blktrace debugfs use after free

Alrighty, here is v3 with all the BUG_*() crap removed, and moving
to just create the debugfs directory needed for the partitions as well
at initialization. This allows us to get rid of the pesky
debugfs_lookup() calls which has made this code very awkward, and
allowed us to find surprising bugs when we went with an
asynchronous request_queue removal.

I'll note that I still see this:

debugfs: Directory 'loop0' with parent 'block' already present!

But only for break-blktrace [0] run_0004.sh. But since we don't
have any more races with blktrace, this has pushed me to look
into disk registration / deletion. I'll be posting patches soon
about some changes to help with that, on the error handling.

If, after these patches, you however find the root cause to this
let me know!

Also, if folks don't disagree, I'll likely follow up to just merge
break-blktrace as a self-test for blktrace. We can later expand on it
upstream instead.

These patches are based on linux-next tag next-20200428, you can find
the code on my 20200428-blktrace-fixes branch [1].

[0] https://github.com/mcgrof/break-blktrace
[1] https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/log/?h=20200428-blktrace-fixes

Luis Chamberlain (6):
  block: revert back to synchronous request_queue removal
  block: move main block debugfs initialization to its own file
  blktrace: move blktrace debugfs creation to helper function
  blktrace: fix debugfs use after free
  blktrace: break out of blktrace setup on concurrent calls
  loop: be paranoid on exit and prevent new additions / removals

 block/Makefile               |  1 +
 block/blk-core.c             | 32 ++++++++++++----
 block/blk-debugfs.c          | 44 ++++++++++++++++++++++
 block/blk-mq-debugfs.c       |  5 ---
 block/blk-sysfs.c            | 47 ++++++++++++-----------
 block/blk.h                  | 18 +++++++++
 block/genhd.c                | 73 +++++++++++++++++++++++++++++++++++-
 block/partitions/core.c      |  3 ++
 drivers/block/loop.c         |  4 ++
 drivers/scsi/sg.c            |  2 +
 include/linux/blkdev.h       |  7 ++--
 include/linux/blktrace_api.h |  1 -
 include/linux/genhd.h        | 18 +++++++++
 kernel/trace/blktrace.c      | 39 ++++++++++++++++---
 14 files changed, 249 insertions(+), 45 deletions(-)
 create mode 100644 block/blk-debugfs.c

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ