Message-ID: <1608203273-170555-1-git-send-email-john.garry@huawei.com>
Date: Thu, 17 Dec 2020 19:07:51 +0800
From: John Garry <john.garry@...wei.com>
To: <axboe@...nel.dk>, <ming.lei@...hat.com>
CC: <linux-block@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<hch@....de>, <hare@...e.de>, <ppvk@...eaurora.org>,
<bvanassche@....org>, <kashyap.desai@...adcom.com>,
<linuxarm@...wei.com>, John Garry <john.garry@...wei.com>
Subject: [RFC PATCH v2 0/2] blk-mq: Avoid use-after-free for accessing old requests

This series aims to tackle the various UAF reports, like:
- https://lore.kernel.org/linux-block/8376443a-ec1b-0cef-8244-ed584b96fa96@huawei.com/
- https://lore.kernel.org/linux-block/5c3ac5af-ed81-11e4-fee3-f92175f14daf@acm.org/T/#m6c1ac11540522716f645d004e2a5a13c9f218908
- https://lore.kernel.org/linux-block/04e2f9e8-79fa-f1cb-ab23-4a15bf3f64cc@kernel.dk/

Details are in the commit messages. Most important detail is that
fastpath is untouched.

The issue addressed in patch 1/2 is pretty easy to reproduce, 2/2 not so
much.

Differences to v1:
- add 2nd patch

John Garry (2):
  blk-mq: Clean up references to old requests when freeing rqs
  blk-mq: Lockout tagset iter when freeing rqs

 block/blk-mq-sched.c |  2 +-
 block/blk-mq-tag.c   | 22 +++++++++++++++++++---
 block/blk-mq-tag.h   |  3 +++
 block/blk-mq.c       | 22 ++++++++++++++++++++--
 block/blk-mq.h       |  2 ++
 5 files changed, 45 insertions(+), 6 deletions(-)

--
2.26.2