| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1616500116-3411-2-git-send-email-sergei.shtepa@veeam.com>
Date: Tue, 23 Mar 2021 14:48:36 +0300
From: Sergei Shtepa <sergei.shtepa@...am.com>
To: Jens Axboe <axboe@...nel.dk>, <linux-block@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
CC: <sergei.shtepa@...am.com>, <pavel.tide@...am.com>
Subject: [PATCH 1/1] block: fix potential infinite loop in the negative branch in __submit_bio_noacct_mq()
When the blk_crypto_bio_prep() function returns false, the processing
of the bio request must end. Repeated access to blk_crypto_bio_prep()
for this same bio may lead to access to already released data, since in
this case the bio_endio() function was already called for bio.
The changes allow to leave the processing of the failed bio and
go to the next one from the bio_list.
The error can only occur when using inline encryption on
request-based blk-mq devices and something went wrong in the
__blk_crypto_bio_prep().
Signed-off-by: Sergei Shtepa <sergei.shtepa@...am.com>
---
block/blk-core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index fc60ff208497..825df223b01d 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1005,13 +1005,12 @@ static blk_qc_t __submit_bio_noacct_mq(struct bio *bio)
if (unlikely(bio_queue_enter(bio) != 0))
continue;
- if (!blk_crypto_bio_prep(&bio)) {
+ if (blk_crypto_bio_prep(&bio))
+ ret = blk_mq_submit_bio(bio);
+ else {
blk_queue_exit(disk->queue);
ret = BLK_QC_T_NONE;
- continue;
}
-
- ret = blk_mq_submit_bio(bio);
} while ((bio = bio_list_pop(&bio_list[0])));
current->bio_list = NULL;
--
2.20.1
Powered by blists - more mailing lists