From: Jens Axboe <axboe@kernel.dk>
To: Ming Lei <ming.lei@redhat.com>, Jan Kara <jack@suse.cz>
Cc: linux-block@vger.kernel.org, tristmd@gmail.com, stable@vger.kernel.org
Subject: Re: [PATCH] blktrace: Protect q->blk_trace with RCU
Date: Tue, 25 Feb 2020 08:40:21 -0700 [thread overview]
Message-ID: <8e0e19dd-66b2-16bc-5251-e26847cfe9a5@kernel.dk> (raw)
In-Reply-To: <20200225102045.GB1771@ming.t460p>
On 2/25/20 3:20 AM, Ming Lei wrote:
> On Wed, Feb 19, 2020 at 01:59:47PM +0100, Jan Kara wrote:
>> On Thu 06-02-20 15:28:12, Jan Kara wrote:
>>> KASAN is reporting that __blk_add_trace() has a use-after-free issue
>>> when accessing q->blk_trace. Indeed the switching of block tracing (and
>>> thus eventual freeing of q->blk_trace) is completely unsynchronized with
>>> the currently running tracing and thus it can happen that the blk_trace
>>> structure is being freed just while __blk_add_trace() works on it.
>>> Protect accesses to q->blk_trace by RCU during tracing and make sure we
>>> wait for the end of RCU grace period when shutting down tracing. Luckily
>>> that is rare enough event that we can afford that. Note that postponing
>>> the freeing of blk_trace to an RCU callback should better be avoided as
>>> it could have unexpected user visible side-effects as debugfs files
>>> would be still existing for a short while block tracing has been shut
>>> down.
>>>
>>> Link: https://bugzilla.kernel.org/show_bug.cgi?id=205711
>>> CC: stable@vger.kernel.org
>>> Reported-by: Tristan <tristmd@gmail.com>
>>> Signed-off-by: Jan Kara <jack@suse.cz>
>>
>> Jens, do you plan to pick up the patch? Also the reporter asked me to
>> update the reference as:
>>
>> Reported-by: Tristan Madani <tristmd@gmail.com>
>>
>> Should I resend the patch with this update & reviewed-by's or will you fix
>> it up on commit? Thanks.
>>
>
> I have run concurrent quick/repeated blktrace & long-time heavy IO, looks
> this patch just works fine, so:
>
> Tested-by: Ming Lei <ming.lei@redhat.com>
>
> Jens, any chance to take a look at this CVE issue?
Queued up for 5.6, thanks everyone.
--
Jens Axboe
next prev parent reply other threads:[~2020-02-25 15:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-06 14:28 [PATCH] blktrace: Protect q->blk_trace with RCU Jan Kara
2020-02-06 18:46 ` Chaitanya Kulkarni
2020-02-06 18:49 ` Jens Axboe
2020-02-06 19:37 ` Chaitanya Kulkarni
2020-02-10 0:38 ` Chaitanya Kulkarni
2020-02-10 2:19 ` Ming Lei
2020-02-10 3:54 ` Bart Van Assche
2020-02-19 12:59 ` Jan Kara
2020-02-25 10:20 ` Ming Lei
2020-02-25 15:40 ` Jens Axboe [this message]
2020-03-02 20:40 ` Bjorn Helgaas
2020-03-02 21:19 ` Chaitanya Kulkarni
2020-03-02 21:59 ` Bjorn Helgaas
2020-03-02 22:06 ` Keith Busch
2020-03-03 11:07 ` Cengiz Can
2020-03-03 12:17 ` Greg KH
2020-03-05 1:51 ` Ming Lei
2020-03-05 4:27 ` Cengiz Can
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8e0e19dd-66b2-16bc-5251-e26847cfe9a5@kernel.dk \
--to=axboe@kernel.dk \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=ming.lei@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tristmd@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).