| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 May 2022 11:15:28 -0700
From: Song Liu <song@...nel.org>
To: Donald Buczek <buczek@...gen.mpg.de>
Cc: Logan Gunthorpe <logang@...tatee.com>,
open list <linux-kernel@...r.kernel.org>,
linux-raid <linux-raid@...r.kernel.org>,
Christoph Hellwig <hch@...radead.org>,
Guoqing Jiang <guoqing.jiang@...ux.dev>,
Xiao Ni <xni@...hat.com>, Stephen Bates <sbates@...thlin.com>,
Martin Oliveira <Martin.Oliveira@...eticom.com>,
David Sloan <David.Sloan@...eticom.com>
Subject: Re: [PATCH v1 12/15] md/raid5-cache: Add RCU protection to conf->log accesses
On Sun, May 22, 2022 at 11:47 PM Song Liu <song@...nel.org> wrote:
>
> On Sun, May 22, 2022 at 12:32 AM Donald Buczek <buczek@...gen.mpg.de> wrote:
> >
> > On 19.05.22 21:13, Logan Gunthorpe wrote:
> > > The mdadm test 21raid5cache randomly fails with NULL pointer accesses
> > > conf->log when run repeatedly. conf->log was sort of protected with
> > > a RCU, but most dereferences were not done with the correct functions.
> > >
> > > Add rcu_read_locks() and rcu_access_pointers() to the appropriate
> > > places.
> > >
> > > Signed-off-by: Logan Gunthorpe <logang@...tatee.com>
>
> [...]
>
> > > diff --git a/drivers/md/raid5-log.h b/drivers/md/raid5-log.h
> > > index f26e6f4c7f9a..24b4dbd5b25c 100644
> > > --- a/drivers/md/raid5-log.h
> > > +++ b/drivers/md/raid5-log.h
> > > @@ -58,7 +58,7 @@ static inline int log_stripe(struct stripe_head *sh, struct stripe_head_state *s
> > > {
> > > struct r5conf *conf = sh->raid_conf;
> > >
> > > - if (conf->log) {
> > > + if (rcu_access_pointer(conf->log)) {
> >
> >
> > A problem here is that `struct r5l_log` of `conf->log` is private to raid5-cache.c and gcc below version 10 (wrongly) regards the `typeof(*p) *local` declaration of __rcu_access_pointer as a dereference:
> >
> > CC drivers/md/raid5.o
> >
> > In file included from ./include/linux/rculist.h:11:0,
> >
> > from ./include/linux/dcache.h:8,
> >
> > from ./include/linux/fs.h:8,
> >
> > from ./include/linux/highmem.h:5,
> >
> > from ./include/linux/bvec.h:10,
> >
> > from ./include/linux/blk_types.h:10,
> >
> > from ./include/linux/blkdev.h:9,
> >
> > from drivers/md/raid5.c:38:
> >
> > drivers/md/raid5-log.h: In function ‘log_stripe’:
> >
> > ./include/linux/rcupdate.h:384:9: error: dereferencing pointer to incomplete type ‘struct r5l_log’
> >
> > typeof(*p) *local = (typeof(*p) *__force)READ_ONCE(p); \
> >
> > ^
> >
> > ./include/linux/rcupdate.h:495:31: note: in expansion of macro ‘__rcu_access_pointer’
> >
> > #define rcu_access_pointer(p) __rcu_access_pointer((p), __UNIQUE_ID(rcu), __rcu)
> >
> > ^~~~~~~~~~~~~~~~~~~~
> >
> > drivers/md/raid5-log.h:61:6: note: in expansion of macro ‘rcu_access_pointer’
> >
> > if (rcu_access_pointer(conf->log)) {
> >
> > ^~~~~~~~~~~~~~~~~~
> >
> > make[2]: *** [scripts/Makefile.build:288: drivers/md/raid5.o] Error 1
> >
> > make[1]: *** [scripts/Makefile.build:550: drivers/md] Error 2
> >
> > make: *** [Makefile:1834: drivers] Error 2
>
> This is annoying.. And there are a few other cases in raid5-log.h and
> raid5.c.
>
> Maybe we should move the definition of r5l_log to raid5-log.h?
Or we can use READ_ONCE(conf->log) for most cases.
Thought?
Song
Powered by blists - more mailing lists