Message-ID: <20210318102614.5tatcdqmsphouydt@shindev.dhcp.fujisawa.hgst.com>
Date: Thu, 18 Mar 2021 10:26:15 +0000
From: Shinichiro Kawasaki <shinichiro.kawasaki@....com>
To: John Garry <john.garry@...wei.com>
CC: "hare@...e.de" <hare@...e.de>,
"bvanassche@....org" <bvanassche@....org>,
"ming.lei@...hat.com" <ming.lei@...hat.com>,
"axboe@...nel.dk" <axboe@...nel.dk>, "hch@....de" <hch@....de>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"pragalla@...eaurora.org" <pragalla@...eaurora.org>,
"kashyap.desai@...adcom.com" <kashyap.desai@...adcom.com>,
"yuyufen@...wei.com" <yuyufen@...wei.com>
Subject: Re: [RFC PATCH v3 0/3] blk-mq: Avoid use-after-free for accessing old requests

On Mar 05, 2021 / 23:14, John Garry wrote:
> This series aims to tackle the various UAF reports, like:
> [0] https://lore.kernel.org/linux-block/8376443a-ec1b-0cef-8244-ed584b96fa96@huawei.com/
> [1] https://lore.kernel.org/linux-block/5c3ac5af-ed81-11e4-fee3-f92175f14daf@acm.org/T/#m6c1ac11540522716f645d004e2a5a13c9f218908
> [2] https://lore.kernel.org/linux-block/04e2f9e8-79fa-f1cb-ab23-4a15bf3f64cc@kernel.dk/
> [3] https://lore.kernel.org/linux-block/b859618aeac58bd9bb620d7ebdb24b90@codeaurora.org/
>
> Details are in the commit messages.
>
> The issue addressed in patch 1/3 is pretty easy to reproduce, 2+3/3 not so
> much, and I had to add mdelays in the iters functions to recreate in
> sane timeframes.

I also observe the KASAN UAF in blk_mq_queue_tag_busy_iter during a blktests run
with kernel versions 5.12-rc2 and 5.12-rc3. When the test case block/005 is run
for HDDs behind a SAS HBA (Broadcom 9400), the UAF message is always reported and
it makes the test case fail. This failure was not observed with kernel v5.11. I
suppose the failure was rare until v5.11, but changes between 5.11 and 5.12-rcX
made this failure happen more frequently.

I tried patch 1/3 by John, and saw that it avoids the UAF message and the
block/005 failure. I also tried the patch Bart suggested in this discussion
thread [1], and confirmed that it also avoids the UAF message. I appreciate
this fix work and discussion.

[1] https://marc.info/?l=linux-kernel&m=161559032606201&w=2

--
Best Regards,
Shin'ichiro Kawasaki