Open Source and information security mailing list archives
Date:   Sat,  9 May 2020 03:10:53 +0000
From:   Luis Chamberlain <>
Cc:     Luis Chamberlain <>
Subject: [PATCH v4 0/5] block: fix blktrace debugfs use after free

Phew, well, since we didn't hear back about removing scsi-generic
blktrace functionality I put work into addressing it, to keep it. That
took a lot of code inspection and also testing. Since libvirt
is limited in what devices you can test, I resorted to testing
all supported device types with iscsi tcp and tgt.

I decided to simplify the partition work further by just using
a symbolic link. In the end that makes the blktrace code even
cleaner than anything we had before.

scsi-generic stuff still required quite a bit of work to figure
out what to do. Since scsi devices probe asynchronously and scsi-generic
is nothing but a class_interface whose sg_add_device() runs *prior*
to the scsi device probe, we currently address the symlink on the
sg ioctl. I however think this reveals a shortcoming of the class
interface, now that we have async probe and it's used widely. I
think we need a probe_complete() call or something like that.
If that seems reasonable I can work on that, that would allow us to
move the debugfs_dir symlink / settings from sg's ioctl to a new
proper call. I'd prefer to address that later though, as an evolution.

It's my first time touching scsi stuff, so I'd highly appreciate a good
review of what I propose for scsi-generic. It gets a bit more
complicated with some drivers using the bsg queue. FWIW, if bsg is
enabled we *reshare* the request_queue from the scsi_device, unless
you're a scsi transport, in which case it creates its own.

You can find this on my git tree:

Luis Chamberlain (5):
  block: revert back to synchronous request_queue removal
  block: move main block debugfs initialization to its own file
  blktrace: fix debugfs use after free
  blktrace: break out of blktrace setup on concurrent calls
  loop: be paranoid on exit and prevent new additions / removals

 block/Makefile               |   1 +
 block/blk-core.c             |  32 ++++--
 block/blk-debugfs.c          | 202 +++++++++++++++++++++++++++++++++++
 block/blk-mq-debugfs.c       |   5 -
 block/blk-sysfs.c            |  46 ++++----
 block/blk.h                  |  23 ++++
 block/bsg.c                  |   2 +
 block/genhd.c                |  73 ++++++++++++-
 block/partitions/core.c      |   9 ++
 drivers/block/loop.c         |   4 +
 drivers/scsi/ch.c            |   1 +
 drivers/scsi/sg.c            |  75 +++++++++++++
 drivers/scsi/st.c            |   2 +
 include/linux/blkdev.h       |   6 +-
 include/linux/blktrace_api.h |   1 -
 include/linux/genhd.h        |  69 ++++++++++++
 kernel/trace/blktrace.c      |  33 ++++--
 17 files changed, 539 insertions(+), 45 deletions(-)
 create mode 100644 block/blk-debugfs.c

