lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z9WJfyaaF1s_eJg_@eldamar.lan>
Date: Sat, 15 Mar 2025 15:06:55 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: Max Kellermann <max.kellermann@...os.com>
Cc: dhowells@...hat.com, netfs@...ts.linux.dev,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH RESEND] fs/netfs/read_collect: add to next->prev_donated

Hi,

On Thu, Feb 20, 2025 at 04:24:50PM +0100, Max Kellermann wrote:
> If multiple subrequests donate data to the same "next" request
> (depending on the subrequest completion order), each of them would
> overwrite the `prev_donated` field, causing data corruption and a
> BUG() crash ("Can't donate prior to front").
> 
> Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
> Closes: https://lore.kernel.org/netfs/CAKPOu+_4mUwYgQtRTbXCmi+-k3PGvLysnPadkmHOyB7Gz0iSMA@mail.gmail.com/
> Cc: stable@...r.kernel.org
> Signed-off-by: Max Kellermann <max.kellermann@...os.com>
> Signed-off-by: David Howells <dhowells@...hat.com>
> ---
>  fs/netfs/read_collect.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c
> index 8878b46589ff..cafadfe8e858 100644
> --- a/fs/netfs/read_collect.c
> +++ b/fs/netfs/read_collect.c
> @@ -284,7 +284,7 @@ static bool netfs_consume_read_data(struct netfs_io_subrequest *subreq, bool was
>  				   netfs_trace_donate_to_deferred_next);
>  	} else {
>  		next = list_next_entry(subreq, rreq_link);
> -		WRITE_ONCE(next->prev_donated, excess);
> +		WRITE_ONCE(next->prev_donated, next->prev_donated + excess);
>  		trace_netfs_donate(rreq, subreq, next, excess,
>  				   netfs_trace_donate_to_next);
>  	}
> -- 
> 2.47.2

Unless I did some mistakes researching both the stable, netfs lists,
did this felt through the cracks and is still missing for to be picked
for the 6.12.y and 6.13.y series?

Regards,
Salvatore

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ