Date: Mon, 29 Apr 2024 13:56:53 -0700
From: Fenghua Yu <fenghua.yu@...el.com>
To: Dave Jiang <dave.jiang@...el.com>, Vinod Koul <vkoul@...nel.org>
CC: <dmaengine@...r.kernel.org>, linux-kernel <linux-kernel@...r.kernel.org>,
	Lijun Pan <lijun.pan@...el.com>
Subject: Re: [PATCH] dmaengine: idxd: Avoid unnecessary destruction of
 file_ida

Hi, Vinod,

On 1/30/24 07:34, Dave Jiang wrote:
> 
> 
> On 1/29/24 18:39, Fenghua Yu wrote:
>> file_ida is allocated during cdev open and is freed accordingly
>> during cdev release. This sequence is guaranteed by driver file
>> operations. Therefore, there is no need to destroy an already empty
>> file_ida when the WQ cdev is removed.
>>
>> Worse, ida_free() in cdev release may happen after destruction of
>> file_ida per WQ cdev. This can lead to accessing an id in file_ida
>> after it has been destroyed, resulting in a kernel panic.
>>
>> Remove ida_destroy(&file_ida) to address these issues.
>>
>> Fixes: e6fd6d7e5f0f ("dmaengine: idxd: add a device to represent the file opened")
>> Signed-off-by: Lijun Pan <lijun.pan@...el.com>
>> Signed-off-by: Fenghua Yu <fenghua.yu@...el.com>
> 
> Reviewed-by: Dave Jiang <dave.jiang@...el.com>
>> ---
>>   drivers/dma/idxd/cdev.c | 1 -
>>   1 file changed, 1 deletion(-)
>>
>> diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c
>> index baa51927675c..3311c920f47a 100644
>> --- a/drivers/dma/idxd/cdev.c
>> +++ b/drivers/dma/idxd/cdev.c
>> @@ -1272,7 +1272,6 @@ void idxd_wq_del_cdev(struct idxd_wq *wq)
>>   	struct idxd_cdev *idxd_cdev;
>>   
>>   	idxd_cdev = wq->idxd_cdev;
>> -	ida_destroy(&file_ida);
>>   	wq->idxd_cdev = NULL;
>>   	cdev_device_del(&idxd_cdev->cdev, cdev_dev(idxd_cdev));
>>   	put_device(cdev_dev(idxd_cdev));
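
Review bot: With `ida_destroy(&file_ida)` dropped from idxd_wq_del_cdev(), neither the hunk nor the commit message says where, if anywhere, file_ida is torn down afterwards. The call takes `&file_ida` directly rather than reaching it through `wq`, so the IDA looks shared across WQ cdevs, and that seems to be the real reason destroying it on a single WQ's removal is unsafe. The phrase "destruction of file_ida per WQ cdev" in the commit message is ambiguous on this; please state explicitly that the IDA is shared and that ids are released only from the cdev release path, which can run after this function returns. A one-line comment in idxd_wq_del_cdev() saying that file_ida is intentionally not destroyed here would keep the call from being reintroduced later. If a driver exit path is expected to call ida_destroy(), name it in the commit message or add it in the same patch.
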

I noticed this patch has not been merged upstream yet. The patch still 
applies cleanly to upstream.

Could you please help merge this patch?

Thanks.

-Fenghua
