lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 Jan 2024 08:15:13 +0900
From: Damien Le Moal <dlemoal@...nel.org>
To: Mikulas Patocka <mpatocka@...hat.com>,
 Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Tejun Heo <tj@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
 linux-kernel@...r.kernel.org, dm-devel@...ts.linux.dev,
 Mike Snitzer <msnitzer@...hat.com>, Ignat Korchagin <ignat@...udflare.com>,
 Damien Le Moal <damien.lemoal@....com>, Hou Tao <houtao1@...wei.com>,
 Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH] softirq: fix memory corruption when freeing
 tasklet_struct

On 1/26/24 07:04, Mikulas Patocka wrote:
> 
> 
> On Thu, 25 Jan 2024, Linus Torvalds wrote:
> 
>> On Thu, 25 Jan 2024 at 10:30, Mikulas Patocka <mpatocka@...hat.com> wrote:
>>>
>>> There's a problem with the tasklet API - there is no reliable way how to
>>> free a structure that contains tasklet_struct. The problem is that the
>>> function tasklet_action_common calls task_unlock(t) after it called the
>>> callback. If the callback does something that frees tasklet_struct,
>>> task_unlock(t) would write into free memory.
>>
>> Ugh.
>>
>> I see what you're doing, but I have to say, I dislike this patch
>> immensely. It feels like a serious misdesign that is then papered over
>> with a hack.
>>
>> I'd much rather see us trying to move away from tasklets entirely in
>> cases like this. Just say "you cannot do that".
> 
> OK. I will delete tasklets from both dm-crypt and dm-verity - it will 
> simplify them quite a bit.
> 
> BTW. Do you think that we should get rid of request-based device mapper as 
> well? (that's another thing that looks like code bloat to me)

That would force removing dm-multipath, which is I think the only DM driver
using requests. But given how widespread the use of dm-multipath is, killing it
would likely make a lot of people unhappy...

-- 
Damien Le Moal
Western Digital Research


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ