| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 May 2024 06:56:04 -0400 From: Jeff Layton <jlayton@...nel.org> To: libaokun@...weicloud.com, netfs@...ts.linux.dev, dhowells@...hat.com Cc: hsiangkao@...ux.alibaba.com, jefflexu@...ux.alibaba.com, zhujia.zj@...edance.com, linux-erofs@...ts.ozlabs.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, yangerkun@...wei.com, houtao1@...wei.com, yukuai3@...wei.com, wozizhi@...wei.com, Baokun Li <libaokun1@...wei.com> Subject: Re: [PATCH v2 00/12] cachefiles: some bugfixes and cleanups for ondemand requests On Wed, 2024-05-15 at 16:45 +0800, libaokun@...weicloud.com wrote: > From: Baokun Li <libaokun1@...wei.com> > > Hi all! > > This is the second version of this patch series. Thank you, Jia Zhu and > Jingbo Xu, for the feedback in the previous version. > > We've been testing ondemand mode for cachefiles since January, and we're > almost done. We hit a lot of issues during the testing period, and this > patch set fixes some of the issues related to ondemand requests. > The patches have passed internal testing without regression. > > The following is a brief overview of the patches, see the patches for > more details. > > Patch 1-5: Holding reference counts of reqs and objects on read requests > to avoid malicious restore leading to use-after-free. > > Patch 6-10: Add some consistency checks to copen/cread/get_fd to avoid > malicious copen/cread/close fd injections causing use-after-free or hung. > > Patch 11: When cache is marked as CACHEFILES_DEAD, flush all requests, > otherwise the kernel may be hung. since this state is irreversible, the > daemon can read open requests but cannot copen. > > Patch 12: Allow interrupting a read request being processed by killing > the read process as a way of avoiding hung in some special cases. > > Comments and questions are, as always, welcome. > Please let me know what you think. > > Thanks, > Baokun > > Changes since v1: > * Collect RVB from Jia Zhu and Jingbo Xu.(Thanks for your review!) > * Pathch 1: Add Fixes tag and enrich the commit message. > * Pathch 7: Add function graph comments. > * Pathch 8: Update commit message and comments. > * Pathch 9: Enriched commit msg. > > Baokun Li (11): > cachefiles: remove request from xarry during flush requests > cachefiles: remove err_put_fd tag in cachefiles_ondemand_daemon_read() > cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() > cachefiles: fix slab-use-after-free in > cachefiles_ondemand_daemon_read() > cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd > cachefiles: add consistency check for copen/cread > cachefiles: add spin_lock for cachefiles_ondemand_info > cachefiles: never get a new anonymous fd if ondemand_id is valid > cachefiles: defer exposing anon_fd until after copy_to_user() succeeds > cachefiles: flush all requests after setting CACHEFILES_DEAD > cachefiles: make on-demand read killable > > Zizhi Wo (1): > cachefiles: Set object to close if ondemand_id < 0 in copen > > fs/cachefiles/daemon.c | 3 +- > fs/cachefiles/internal.h | 5 + > fs/cachefiles/ondemand.c | 218 ++++++++++++++++++++++-------- > include/trace/events/cachefiles.h | 8 +- > 4 files changed, 177 insertions(+), 57 deletions(-) > Looks like most of these are fixes inside the ondemand code, which I don't have the greatest grasp of, so... Acked-by: Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists