| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7df194bf-a5e3-4ec9-928b-67c68eb48eae@oracle.com>
Date: Tue, 5 Nov 2024 17:16:41 +0000
From: John Garry <john.g.garry@...cle.com>
To: Hannes Reinecke <hare@...e.de>, axboe@...nel.dk, song@...nel.org,
yukuai3@...wei.com, hch@....de
Cc: martin.petersen@...cle.com, linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-raid@...r.kernel.org,
Johannes.Thumshirn@....com
Subject: Re: [PATCH v3 1/6] block: Rework bio_split() return value
On 05/11/2024 07:21, Hannes Reinecke wrote:
> On 10/31/24 10:59, John Garry wrote:
>> Instead of returning an inconclusive value of NULL for an error in
>> calling
>> bio_split(), return a ERR_PTR() always.
>>
>> Also remove the BUG_ON() calls, and WARN_ON_ONCE() instead. Indeed, since
>> almost all callers don't check the return code from bio_split(), we'll
>> crash anyway (for those failures).
>>
>> Fix up the only user which checks bio_split() return code today (directly
>> or indirectly), blk_crypto_fallback_split_bio_if_needed(). The md/bcache
>> code does check the return code in cached_dev_cache_miss() ->
>> bio_next_split() -> bio_split(), but only to see if there was a split, so
>> there would be no change in behaviour here (when returning a ERR_PTR()).
>>
>> Reviewed-by: Christoph Hellwig <hch@....de>
>> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@....com>
>> Signed-off-by: John Garry <john.g.garry@...cle.com>
>> ---
>> block/bio.c | 10 ++++++----
>> block/blk-crypto-fallback.c | 2 +-
>> 2 files changed, 7 insertions(+), 5 deletions(-)
>>
>> diff --git a/block/bio.c b/block/bio.c
>> index 95e2ee14cea2..7a93724e4a49 100644
>> --- a/block/bio.c
>> +++ b/block/bio.c
>> @@ -1740,16 +1740,18 @@ struct bio *bio_split(struct bio *bio, int
>> sectors,
>> {
>> struct bio *split;
>> - BUG_ON(sectors <= 0);
>> - BUG_ON(sectors >= bio_sectors(bio));
>> + if (WARN_ON_ONCE(sectors <= 0))
>> + return ERR_PTR(-EINVAL);
>> + if (WARN_ON_ONCE(sectors >= bio_sectors(bio)))
>> + return ERR_PTR(-EINVAL);
>> /* Zone append commands cannot be split */
>> if (WARN_ON_ONCE(bio_op(bio) == REQ_OP_ZONE_APPEND))
>> - return NULL;
>> + return ERR_PTR(-EINVAL);
>> split = bio_alloc_clone(bio->bi_bdev, bio, gfp, bs);
>> if (!split)
>> - return NULL;
>> + return ERR_PTR(-ENOMEM);
>> split->bi_iter.bi_size = sectors << 9;
>> diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
>> index b1e7415f8439..29a205482617 100644
>> --- a/block/blk-crypto-fallback.c
>> +++ b/block/blk-crypto-fallback.c
>> @@ -226,7 +226,7 @@ static bool
>> blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr)
>> split_bio = bio_split(bio, num_sectors, GFP_NOIO,
>> &crypto_bio_split);
>> - if (!split_bio) {
>> + if (IS_ERR(split_bio)) {
>> bio->bi_status = BLK_STS_RESOURCE;
>> return false;
>> }
>
> Don't you need to modify block/bounce.c, too?
Today we have __blk_queue_bounce() -> bio_split(), but the return value
from bio_split() is not checked for errors (NULL) there, so it is
already in a poor state.
I will look to remedy that and other callsites which don't check
bio_split() return value for errors in next phase.
Thanks,
John
Powered by blists - more mailing lists