Re: [PATCH 12/15] block: switch polling to be bio based

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 28, 2021 at 10:28:10AM +0800, Ming Lei wrote:

> ...

Can you please avoid the full quote?

> > +	 *  1) the bio is beeing initialized and bi_bdev is NULL.  We can just
> > +	 *     simply nothing in this case
> > +	 *  2) the bio points to a not poll enabled device.  bio_poll will catch
> > +	 *     this and return 0
> > +	 *  3) the bio points to a poll capable device, including but not
> > +	 *     limited to the one that the original bio pointed to.  In this
> > +	 *     case we will call into the actual poll method and poll for I/O,
> > +	 *     even if we don't need to, but it won't cause harm either.
> > +	 */
> > +	rcu_read_lock();
> > +	bio = READ_ONCE(kiocb->private);
> > +	if (bio && bio->bi_bdev)
> 
> ->bi_bdev and associated disk/request_queue/hctx/... refrerred in bio_poll()
> may have being freed now, so there is UAF risk.

the block device is RCU freed, so we are fine there.  There rest OTOH
is more interesting.  Let me think of a good defense using some kind
of liveness check.



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux