| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jan 2024 07:56:39 +0100 From: Hannes Reinecke <hare@...e.de> To: Damien Le Moal <dlemoal@...nel.org>, Mikulas Patocka <mpatocka@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org> Cc: Tejun Heo <tj@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, linux-kernel@...r.kernel.org, dm-devel@...ts.linux.dev, Mike Snitzer <msnitzer@...hat.com>, Ignat Korchagin <ignat@...udflare.com>, Damien Le Moal <damien.lemoal@....com>, Hou Tao <houtao1@...wei.com>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com> Subject: Re: [PATCH] softirq: fix memory corruption when freeing tasklet_struct On 1/26/24 00:15, Damien Le Moal wrote: > On 1/26/24 07:04, Mikulas Patocka wrote: >> >> >> On Thu, 25 Jan 2024, Linus Torvalds wrote: >> >>> On Thu, 25 Jan 2024 at 10:30, Mikulas Patocka <mpatocka@...hat.com> wrote: >>>> >>>> There's a problem with the tasklet API - there is no reliable way how to >>>> free a structure that contains tasklet_struct. The problem is that the >>>> function tasklet_action_common calls task_unlock(t) after it called the >>>> callback. If the callback does something that frees tasklet_struct, >>>> task_unlock(t) would write into free memory. >>> >>> Ugh. >>> >>> I see what you're doing, but I have to say, I dislike this patch >>> immensely. It feels like a serious misdesign that is then papered over >>> with a hack. >>> >>> I'd much rather see us trying to move away from tasklets entirely in >>> cases like this. Just say "you cannot do that". >> >> OK. I will delete tasklets from both dm-crypt and dm-verity - it will >> simplify them quite a bit. >> >> BTW. Do you think that we should get rid of request-based device mapper as >> well? (that's another thing that looks like code bloat to me) > > That would force removing dm-multipath, which is I think the only DM driver > using requests. But given how widespread the use of dm-multipath is, killing it > would likely make a lot of people unhappy... > Oh, it's this time of the year again? (This topic regularly comes up ...) The reason is not that it will disable dm-multipath (Mike Snitzer put in bio-based multipathing as an additional code path); the reason is that dm-multipath performance will suffer when you remove request-based DM. DM-multipath schedules based on request (if you use the request-based interface) or bios (if you use the bio-based interface). Any merge decision is typically done by the block layer when combining bios into requests; and you can only merge bios if the bvecs are adjacent. So if you use bio-based multipathing you will spread sequential bios across all paths, leaving the block layer unable to merge requests. For request based multipathing the requests are already fully-formed, and scheduling across paths does not change them. Things are slightly better with multi-page bvecs nowadays, but the overall picture still stands. Another thing is timeouts; bios don't do timeouts, so a bio can run for an arbitrary time with no chance of interrupting it. Requests do have a timeout, and will be aborted from the driver when the timeout is hit. Seeing that 99% of all I/O issues I've seen _are_ timeouts it becomes a crucial feature if you want dm-multipath to control failover time. Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@...e.de +49 911 74053 688 SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), GF: Ivo Totev, Andrew McDonald, Werner Knoblich
Powered by blists - more mailing lists