lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <910112B4-168D-4ECC-B374-7E6668B778F9@suse.de>
Date:   Sat, 25 Nov 2023 00:34:44 +0800
From:   Coly Li <colyli@...e.de>
To:     Jens Axboe <axboe@...nel.dk>
Cc:     Markus Weippert <markus@...mihesg.de>,
        Bcache Linux <linux-bcache@...r.kernel.org>,
        Thorsten Leemhuis <regressions@...mhuis.info>,
        Zheng Wang <zyytlz.wz@....com>, linux-kernel@...r.kernel.org,
        Stefan Förster <cite@...ertum.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Linux kernel regressions list <regressions@...ts.linux.dev>
Subject: Re: [PATCH] bcache: revert replacing IS_ERR_OR_NULL with IS_ERR



> 2023年11月25日 00:31,Jens Axboe <axboe@...nel.dk> 写道:
> 
> On 11/24/23 9:29 AM, Coly Li wrote:
>> 
>> 
>>> 2023?11?24? 23:14?Markus Weippert <markus@...mihesg.de> ???
>>> 
>>> Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in
>>> node allocations") replaced IS_ERR_OR_NULL by IS_ERR. This leads to a
>>> NULL pointer dereference.
>>> 
>>> BUG: kernel NULL pointer dereference, address: 0000000000000080
>>> Call Trace:
>>> ? __die_body.cold+0x1a/0x1f
>>> ? page_fault_oops+0xd2/0x2b0
>>> ? exc_page_fault+0x70/0x170
>>> ? asm_exc_page_fault+0x22/0x30
>>> ? btree_node_free+0xf/0x160 [bcache]
>>> ? up_write+0x32/0x60
>>> btree_gc_coalesce+0x2aa/0x890 [bcache]
>>> ? bch_extent_bad+0x70/0x170 [bcache]
>>> btree_gc_recurse+0x130/0x390 [bcache]
>>> ? btree_gc_mark_node+0x72/0x230 [bcache]
>>> bch_btree_gc+0x5da/0x600 [bcache]
>>> ? cpuusage_read+0x10/0x10
>>> ? bch_btree_gc+0x600/0x600 [bcache]
>>> bch_gc_thread+0x135/0x180 [bcache]
>>> 
>>> The relevant code starts with:
>>> 
>>>   new_nodes[0] = NULL;
>>> 
>>>   for (i = 0; i < nodes; i++) {
>>>       if (__bch_keylist_realloc(&keylist, bkey_u64s(&r[i].b->key)))
>>>           goto out_nocoalesce;
>>>   // ...
>>> out_nocoalesce:
>>>   // ...
>>>   for (i = 0; i < nodes; i++)
>>>       if (!IS_ERR(new_nodes[i])) {  // IS_ERR_OR_NULL before
>>> 028ddcac477b
>>>           btree_node_free(new_nodes[i]);  // new_nodes[0] is NULL
>>>           rw_unlock(true, new_nodes[i]);
>>>       }
>>> 
>>> This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.
>>> 
>>> Fixes: 028ddcac477b ("bcache: Remove unnecessary NULL point check in
>>> node allocations")
>>> Link:
>>> https://lore.kernel.org/all/3DF4A87A-2AC1-4893-AE5F-E921478419A9@suse.de/
>>> Cc: stable@...r.kernel.org
>>> Cc: Zheng Wang <zyytlz.wz@....com>
>>> Cc: Coly Li <colyli@...e.de>
>>> Signed-off-by: Markus Weippert <markus@...mihesg.de>
>> 
>> Added into my for-next.  Thanks for patching up.
> 
> We should probably get this into the current release, rather than punt
> it to 6.8.

Yes, copied. So far I don’t have other bcache patches for 6.7, I feel I might be redundant if I send you another for -rc4 series with this single patch.

Could you please directly take it into -rc4?

Thanks.

Coly Li

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ