lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7df194bf-a5e3-4ec9-928b-67c68eb48eae@oracle.com>
Date: Tue, 5 Nov 2024 17:16:41 +0000
From: John Garry <john.g.garry@...cle.com>
To: Hannes Reinecke <hare@...e.de>, axboe@...nel.dk, song@...nel.org,
        yukuai3@...wei.com, hch@....de
Cc: martin.petersen@...cle.com, linux-block@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-raid@...r.kernel.org,
        Johannes.Thumshirn@....com
Subject: Re: [PATCH v3 1/6] block: Rework bio_split() return value

On 05/11/2024 07:21, Hannes Reinecke wrote:
> On 10/31/24 10:59, John Garry wrote:
>> Instead of returning an inconclusive value of NULL for an error in 
>> calling
>> bio_split(), return a ERR_PTR() always.
>>
>> Also remove the BUG_ON() calls, and WARN_ON_ONCE() instead. Indeed, since
>> almost all callers don't check the return code from bio_split(), we'll
>> crash anyway (for those failures).
>>
>> Fix up the only user which checks bio_split() return code today (directly
>> or indirectly), blk_crypto_fallback_split_bio_if_needed(). The md/bcache
>> code does check the return code in cached_dev_cache_miss() ->
>> bio_next_split() -> bio_split(), but only to see if there was a split, so
>> there would be no change in behaviour here (when returning a ERR_PTR()).
>>
>> Reviewed-by: Christoph Hellwig <hch@....de>
>> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@....com>
>> Signed-off-by: John Garry <john.g.garry@...cle.com>
>> ---
>>   block/bio.c                 | 10 ++++++----
>>   block/blk-crypto-fallback.c |  2 +-
>>   2 files changed, 7 insertions(+), 5 deletions(-)
>>
>> diff --git a/block/bio.c b/block/bio.c
>> index 95e2ee14cea2..7a93724e4a49 100644
>> --- a/block/bio.c
>> +++ b/block/bio.c
>> @@ -1740,16 +1740,18 @@ struct bio *bio_split(struct bio *bio, int 
>> sectors,
>>   {
>>       struct bio *split;
>> -    BUG_ON(sectors <= 0);
>> -    BUG_ON(sectors >= bio_sectors(bio));
>> +    if (WARN_ON_ONCE(sectors <= 0))
>> +        return ERR_PTR(-EINVAL);
>> +    if (WARN_ON_ONCE(sectors >= bio_sectors(bio)))
>> +        return ERR_PTR(-EINVAL);
>>       /* Zone append commands cannot be split */
>>       if (WARN_ON_ONCE(bio_op(bio) == REQ_OP_ZONE_APPEND))
>> -        return NULL;
>> +        return ERR_PTR(-EINVAL);
>>       split = bio_alloc_clone(bio->bi_bdev, bio, gfp, bs);
>>       if (!split)
>> -        return NULL;
>> +        return ERR_PTR(-ENOMEM);
>>       split->bi_iter.bi_size = sectors << 9;
>> diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
>> index b1e7415f8439..29a205482617 100644
>> --- a/block/blk-crypto-fallback.c
>> +++ b/block/blk-crypto-fallback.c
>> @@ -226,7 +226,7 @@ static bool 
>> blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr)
>>           split_bio = bio_split(bio, num_sectors, GFP_NOIO,
>>                         &crypto_bio_split);
>> -        if (!split_bio) {
>> +        if (IS_ERR(split_bio)) {
>>               bio->bi_status = BLK_STS_RESOURCE;
>>               return false;
>>           }
> 
> Don't you need to modify block/bounce.c, too?

Today we have __blk_queue_bounce() -> bio_split(), but the return value 
from bio_split() is not checked for errors (NULL) there, so it is 
already in a poor state.

I will look to remedy that and other callsites which don't check 
bio_split() return value for errors in next phase.

Thanks,
John

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ