| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241002040616.25193-1-jlee@suse.com>
Date: Wed, 2 Oct 2024 12:06:14 +0800
From: Chun-Yi Lee <joeyli.kernel@...il.com>
To: Justin Sanders <justin@...aid.com>
Cc: Jens Axboe <axboe@...nel.dk>,
Pavel Emelianov <xemul@...nvz.org>,
Kirill Korotaev <dev@...nvz.org>,
"David S . Miller" <davem@...emloft.net>,
Nicolai Stange <nstange@...e.com>,
Greg KH <gregkh@...uxfoundation.org>,
linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org,
Chun-Yi Lee <jlee@...e.com>
Subject: [RFC PATCH 0/2] tracking the references of net_device in aoe
This debug patch series is base on '[PATCH v3] aoe: fix the potential
use-after-free problem in more places' for tracking the reference count
of using net_device in aoeif. It adds a nd_pcpu_refcnt field in aoeif
structure. And two wrappers, nd_dev_hold() and nd_dev_put() are used to
call dev_hold(nd)/dev_put(nd) and maintain ifp->nd_pcpu_refcnt at the
same time.
Defined DEBUG to the top of the aoe.h can enable the tracking function.
The nd_pcpu_refcnt will be printed to debugfs:
rttavg: 249029 rttdev: 1781043
nskbpool: 0
kicked: 0
maxbcnt: 1024
ref: 0
falloc: 36
ffree: 0000000013c0033f
52540054c48e:0:16:16
ssthresh:8
taint:0
r:1270
w:8
enp1s0:1 <-- the aoeif->nd_pcpu_refcnt is behind nd->name
The value of aoeif->nd_pcpu_refcnt will also be printed when 'rmmod aoe':
[23412.255237][ T2857] aoe: enp1s0->refcnt: 32, aoeif->nd_refcnt: 0
Using kernel dynamic debug can print more detail log but it causes extra
overhead:
echo -n 'file drivers/block/aoe/* +p' > /sys/kernel/debug/dynamic_debug/control
[ 6961.938642] aoe: tx dev_put enp1s0->refcnt: 31, aoeif->nd_refcnt: 1
[ 7023.368814] aoe: aoecmd_cfg_pkts dev_hold lo->refcnt: 30
[ 7023.370530] aoe: aoecmd_cfg_pkts dev_hold enp1s0->refcnt: 32, aoeif->nd_refcnt: 2
[ 7023.372977] aoe: tx dev_put lo->refcnt: 29
[ 7023.375147] aoe: tx dev_put enp1s0->refcnt: 31, aoeif->nd_refcnt: 1
Normally, after one operation of aoe, the aoeif->nd_refcnt should be
shown as '1' which means that calls of dev_hold(nd)/dev_put(nd) are
balanced. The final '1' reference of net_device will be removed when
rmmod aoe.
Chun-Yi Lee (2):
aoe: add reference count in aoeif for tracking the using of net_device
aoe: using wrappers instead of dev_hold/dev_put for tracking the
references of net_device in aoeif
drivers/block/aoe/aoe.h | 84 ++++++++++++++++++++++++++++++++++++++
drivers/block/aoe/aoeblk.c | 5 +++
drivers/block/aoe/aoecmd.c | 24 +++++------
drivers/block/aoe/aoedev.c | 23 ++++++++++-
drivers/block/aoe/aoenet.c | 2 +-
5 files changed, 124 insertions(+), 14 deletions(-)
--
2.35.3
Powered by blists - more mailing lists