lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200831160154.GA4080@lca.pw>
Date:   Mon, 31 Aug 2020 12:01:55 -0400
From:   Qian Cai <cai@....pw>
To:     Eric Sandeen <sandeen@...deen.net>
Cc:     darrick.wong@...cle.com, hch@...radead.org,
        linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] iomap: Fix WARN_ON_ONCE() from unprivileged users

On Mon, Aug 31, 2020 at 10:48:59AM -0500, Eric Sandeen wrote:
> On 8/30/20 8:45 PM, Qian Cai wrote:
> > It is trivial to trigger a WARN_ON_ONCE(1) in iomap_dio_actor() by
> > unprivileged users which would taint the kernel, or worse - panic if
> > panic_on_warn or panic_on_taint is set. Hence, just convert it to
> > pr_warn_ratelimited() to let users know their workloads are racing.
> > Thanks Dave Chinner for the initial analysis of the racing reproducers.
> > 
> > Signed-off-by: Qian Cai <cai@....pw>
> > ---
> > 
> > v2: Record the path, pid and command as well.
> > 
> >  fs/iomap/direct-io.c | 17 ++++++++++++++++-
> >  1 file changed, 16 insertions(+), 1 deletion(-)
> > 
> > diff --git a/fs/iomap/direct-io.c b/fs/iomap/direct-io.c
> > index c1aafb2ab990..66a4502ef675 100644
> > --- a/fs/iomap/direct-io.c
> > +++ b/fs/iomap/direct-io.c
> > @@ -374,6 +374,7 @@ iomap_dio_actor(struct inode *inode, loff_t pos, loff_t length,
> >  		void *data, struct iomap *iomap, struct iomap *srcmap)
> >  {
> >  	struct iomap_dio *dio = data;
> > +	char pathname[128], *path;
> >  
> >  	switch (iomap->type) {
> >  	case IOMAP_HOLE:
> > @@ -389,7 +390,21 @@ iomap_dio_actor(struct inode *inode, loff_t pos, loff_t length,
> >  	case IOMAP_INLINE:
> >  		return iomap_dio_inline_actor(inode, pos, length, dio, iomap);
> >  	default:
> > -		WARN_ON_ONCE(1);
> 
> It seems like we should explicitly catch IOMAP_DELALLOC for this case, and leave the
> default: as a WARN_ON that is not user-triggerable? i.e.
> 
> case IOMAP_DELALLOC:
> 	<all the fancy warnings>
> 	return -EIO;
> default:
> 	WARN_ON_ONCE(1);
> 	return -EIO;
> 
> > +		/*
> > +		 * DIO is not serialised against mmap() access at all, and so
> > +		 * if the page_mkwrite occurs between the writeback and the
> > +		 * iomap_apply() call in the DIO path, then it will see the
> > +		 * DELALLOC block that the page-mkwrite allocated.
> > +		 */
> > +		path = file_path(dio->iocb->ki_filp, pathname,
> > +				 sizeof(pathname));
> > +		if (IS_ERR(path))
> > +			path = "(unknown)";
> > +
> > +		pr_warn_ratelimited("page_mkwrite() is racing with DIO read (iomap->type = %u).\n"
> > +				    "File: %s PID: %d Comm: %.20s\n",
> > +				    iomap->type, path, current->pid,
> > +				    current->comm);
> 
> This is very specific ...
> 
> Do we know that mmap/page_mkwrite is (and will always be) the only way to reach this
> point?

I don't know, so this could indeed be a bit misleading.

> 
> It seems to me that this message won't be very useful for the admin; "pg_mkwrite" may
> mean something to us, but doubtful for the general public.  And "type = 1" won't mean
> much to the reader, either.
> 
> Maybe something like:
> 
> "DIO encountered delayed allocation block, racing buffered+direct? File: %s Comm: %.20s\n"
> 
> It just seems that a user-facing warning should be something the admin has a chance of
> acting on without needing to file a bug for analysis by the developers.
> 
> (though TBH "delayed allocation" probably doesn't mean much to the admin, either)

I agree with your suggestions. I'll submit a new version.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ