| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200622124208.GW11244@42.do-not-panic.com>
Date: Mon, 22 Jun 2020 12:42:08 +0000
From: Luis Chamberlain <mcgrof@...nel.org>
To: Bart Van Assche <bvanassche@....org>
Cc: axboe@...nel.dk, viro@...iv.linux.org.uk,
gregkh@...uxfoundation.org, rostedt@...dmis.org, mingo@...hat.com,
jack@...e.cz, ming.lei@...hat.com, nstange@...e.de,
akpm@...ux-foundation.org, mhocko@...e.com, yukuai3@...wei.com,
martin.petersen@...cle.com, jejb@...ux.ibm.com,
linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 8/8] block: create the request_queue debugfs_dir on
registration
On Sat, Jun 20, 2020 at 11:07:43AM -0700, Bart Van Assche wrote:
> On 2020-06-19 13:47, Luis Chamberlain wrote:
> > We were only creating the request_queue debugfs_dir only
> > for make_request block drivers (multiqueue), but never for
> > request-based block drivers. We did this as we were only
> > creating non-blktrace additional debugfs files on that directory
> > for make_request drivers. However, since blktrace *always* creates
> > that directory anyway, we special-case the use of that directory
> > on blktrace. Other than this being an eye-sore, this exposes
> > request-based block drivers to the same debugfs fragile
> > race that used to exist with make_request block drivers
> > where if we start adding files onto that directory we can later
> > run a race with a double removal of dentries on the directory
> > if we don't deal with this carefully on blktrace.
> >
> > Instead, just simplify things by always creating the request_queue
> > debugfs_dir on request_queue registration. Rename the mutex also to
> > reflect the fact that this is used outside of the blktrace context.
>
> There are two changes in this patch: a bug fix and a rename of a mutex.
> I don't like it to see two changes in a single patch.
I thought about doing the split first, and I did it at first, but
then I could hear Christoph yelling at me for it. So I merged the
two together. Although it makes it more difficult for review,
the changes do go together.
Kind of late to split this as its already merged now.
> Additionally, is the new mutex name really better than the old name? The
> proper way to use mutexes is to use mutexes to protect data instead of
> code. Where is the documentation that mentions which member variable(s)
> of which data structures are protected by the mutex formerly called
> blk_trace_mutex?
It does not exist, and that is the point. The debugfs_dir use after
free showed us *when* that UAF can happen, and so care must be taken
if we are to use the mutex to protect the debugfs_dir but also re-use
the same directory for other block core shenanigans.
> Since the new name makes it even less clear which data
> is protected by this mutex, is the new name really better than the old name?
I thought the new name makes it crystal clear what is being protected. I
can however add a comment to explain that the q->debugfs_mutex protects
the q->debugfs_dir if it is created, otherwise it protects the ephemeral
debugfs_dir directory which would otherwise be created in lieue of
q->debugfs_dir, however the patch still lies under <debugfs_root>/block/.
Let me know if you think that will help.
Luis
Powered by blists - more mailing lists