lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1e25d17b-f481-485c-85a6-d5a8440c1c96@acm.org>
Date: Tue, 17 Jun 2025 15:25:34 -0700
From: Bart Van Assche <bvanassche@....org>
To: Elijah Wright <git@...jahs.space>, Jens Axboe <axboe@...nel.dk>,
 linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] block: mq-deadline: check if elevator is attached to
 queue in dd_finish_request

On 6/17/25 1:56 PM, Elijah Wright wrote:
> in dd_finish_request(), per_prio points to a rq->elv.priv[0], which could be
> free memory if an in-flight requests completes after its associated scheduler
> has been freed
> 
> Signed-off-by: Elijah Wright <git@...jahs.space>
> ---
>   block/mq-deadline.c | 16 +++++++++-------
>   1 file changed, 9 insertions(+), 7 deletions(-)
> 
> diff --git a/block/mq-deadline.c b/block/mq-deadline.c
> index 2edf1cac06d5..4d7b21b144d3 100644
> --- a/block/mq-deadline.c
> +++ b/block/mq-deadline.c
> @@ -751,13 +751,15 @@ static void dd_finish_request(struct request *rq)
>   {
>   	struct dd_per_prio *per_prio = rq->elv.priv[0];
>   
> -	/*
> -	 * The block layer core may call dd_finish_request() without having
> -	 * called dd_insert_requests(). Skip requests that bypassed I/O
> -	 * scheduling. See also blk_mq_request_bypass_insert().
> -	 */
> -	if (per_prio)
> -		atomic_inc(&per_prio->stats.completed);
> +	if (rq->q->elevator) {
> +		/*
> +		* The block layer core may call dd_finish_request() without having
> +		* called dd_insert_requests(). Skip requests that bypassed I/O
> +		* scheduling. See also blk_mq_request_bypass_insert().
> +		*/
> +		if (per_prio)
> +			atomic_inc(&per_prio->stats.completed);
> +	}
>   }

The warnings in dd_exit_sched() will be triggered if dd_finish_request()
is ever called with rq->q->elevator == NULL.

If this can happen, it should be fixed in the block layer core instead
of in the mq-deadline scheduler.

Thanks,

Bart.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ