| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19a4ecf1149.3c8a574d835968.4993900419375442453@linux.beauty>
Date: Tue, 04 Nov 2025 20:19:44 +0800
From: Li Chen <me@...ux.beauty>
To: "Jonathan Cameron" <jonathan.cameron@...wei.com>
Cc: "dm-devel" <dm-devel@...ts.linux.dev>,
"linux-kernel" <linux-kernel@...r.kernel.org>,
"Dongsheng Yang" <dongsheng.yang@...ux.dev>,
"Zheng Gu" <cengku@...il.com>
Subject: Re: [PATCH 3/3] dm-pcache: avoid leaking invalid metadata in
pcache_meta_find_latest()
Hi Jonathan,
---- On Mon, 03 Nov 2025 19:38:03 +0800 Jonathan Cameron <jonathan.cameron@...wei.com> wrote ---
> On Thu, 30 Oct 2025 20:33:21 +0800
> Li Chen <me@...ux.beauty> wrote:
>
> > From: Li Chen <chenl311@...natelecom.cn>
> >
> > Before this change pcache_meta_find_latest() was copying each
> > slot directly into meta_ret while scanning. If no valid slot
> > was found and the function returned NULL, meta_ret still held
> > whatever was last copied (possibly CRC-bad). Later users
> > (e.g. cache_segs_init) could mistakenly trust that data.
> >
> > Allocate a temporary buffer instead and only populate meta_ret after a
> > valid/latest header is found. If no valid header exists we return NULL
> > without touching meta_ret.
> >
> > Also add __free(kvfree) so the temporary buffer is always freed, and
> > include the needed headers.
> >
> > Signed-off-by: Li Chen <chenl311@...natelecom.cn>
> > ---
> > drivers/md/dm-pcache/pcache_internal.h | 13 +++++++++----
> > 1 file changed, 9 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/md/dm-pcache/pcache_internal.h b/drivers/md/dm-pcache/pcache_internal.h
> > index b7a3319d2bd3e..ac28f9dd2986f 100644
> > --- a/drivers/md/dm-pcache/pcache_internal.h
> > +++ b/drivers/md/dm-pcache/pcache_internal.h
> > @@ -4,6 +4,8 @@
> >
> > #include <linux/delay.h>
> > #include <linux/crc32c.h>
> > +#include <linux/slab.h>
> > +#include <linux/cleanup.h>
> >
> > #define pcache_err(fmt, ...) \
> > pr_err("dm-pcache: %s:%u " fmt, __func__, __LINE__, ##__VA_ARGS__)
> > @@ -79,14 +81,17 @@ static inline void __must_check *pcache_meta_find_latest(struct pcache_meta_head
> > u32 meta_size, u32 meta_max_size,
> > void *meta_ret)
> > {
> > - struct pcache_meta_header *meta, *latest = NULL;
> > + struct pcache_meta_header *latest = NULL;
> > + struct pcache_meta_header *meta __free(kvfree);
> > u32 i, seq_latest = 0;
> > - void *meta_addr;
> >
> > - meta = meta_ret;
> > + meta = kvzalloc(meta_size, GFP_KERNEL);
> See the guidance notes in cleanup.h THis hsould be
>
> struct pcache_meta_header *meta __free(kvfree) =
> kvzalloc(meta_size, GFP_KERNEL);
>
> That is the constructor and destructor must be together. Inline variable
> declarations are fine for this one type of use.
I appreciate your suggestion very much.
Regards,
Li
Powered by blists - more mailing lists