Received: by 10.192.165.156 with SMTP id m28csp590695imm;
        Tue, 17 Apr 2018 15:58:24 -0700 (PDT)
X-Google-Smtp-Source: AIpwx482FeoMZ+dQzV7eJP0GSi3BBSt7+jZgV9AFEKmnZLqOg5d/ATHQNmBe1VmsBox2yGKrckGn
X-Received: by 2002:a17:902:bb81:: with SMTP id m1-v6mr3728285pls.71.1524005904719;
        Tue, 17 Apr 2018 15:58:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524005904; cv=none;
        d=google.com; s=arc-20160816;
        b=EKdP1gCwTE6Z58VzCk44XlS17cMvxOaI5By09WqYrpUN7O7Vd5Pgudn9/0mRt7eECj
         mt25pg/5vQ8+5AhK2vBnIAYBz3IxkZQsRLHE/nBp19hADhHIVXsLluijNF19XQ8+gy7F
         gzw/fz6iRVRv+lwwdyPtp9Ig+1cA5iuxOwpR3dJsP+lFMQLb1UhRnrPru4in3hefg+nu
         KmbaPzQQO6ZJr8oAW5BCKflJpDiqhM4gyR8GwWSfC91cdgRIeqZZXPmXku102sr97mDZ
         rNp2DQAwNE2d7kDX/bHvCMbfIneslm6nMS799QiGT/PW0n+us2mp2przd9SqU2a+mPBd
         Niqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=Xwxcm8S02aB8SKtOTAN+2utC2rmx4IZE9WY4ktGfWss=;
        b=WUTbg8SkHAOO0/Emz7hXqlfCZYaAj71B00rB27KY1Zt0ejE6Ax7a77rrEWgmac2QzR
         kZ0wBUea3iLrP0z2RXyR3Ss40zcjWaK30u70bSvxqLPf2n8Xt4zT2DPdwQMnCJ/R0edN
         HTBnrq7R1ewBjhkpDtCDj/ccYvBcYPuH/sueg2DOslXLHvQT+XNiyuDnhllDQjsDETwr
         oZwfKTalkvsXhW0WWdcYzusmbvkccBugccuFyzKu4ieV/JPUx/jqSmYeprAJvwR88rfA
         jhNMz0mQzD7ZL4lRAOTV8phxA7BHQ/AfsVOnIZfFhx2p8SwaZugP+zuEGhIZZE+FOvCx
         Cm3A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=N2XL8ITy;
       dkim=fail header.i=@chromium.org header.s=google header.b=ZQVbksUa;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m14si12548680pgs.190.2018.04.17.15.58.10;
        Tue, 17 Apr 2018 15:58:24 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=N2XL8ITy;
       dkim=fail header.i=@chromium.org header.s=google header.b=ZQVbksUa;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752620AbeDQW5E (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Tue, 17 Apr 2018 18:57:04 -0400
Received: from mail-ua0-f171.google.com ([209.85.217.171]:44036 "EHLO
        mail-ua0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751164AbeDQW5C (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 Apr 2018 18:57:02 -0400
Received: by mail-ua0-f171.google.com with SMTP id r16so13710815uak.11
        for <linux-kernel@vger.kernel.org>; Tue, 17 Apr 2018 15:57:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=Xwxcm8S02aB8SKtOTAN+2utC2rmx4IZE9WY4ktGfWss=;
        b=N2XL8ITyVjbHn2hBLFh96YJZQAUFEdf7RP83iyT34ZftrE7kvDPwyAiCSUWq17myVi
         ahGFr/X3ygSggpqbVKfUgADU2obQTsfyZ5Tsdk1TI8lDVtiZo8mYs8Tv/mGHQIX1Hbxy
         mEeF9DNidu9BD1Z663cqqMJU2GwbpLT8z2WnJY5VaVlTeL8k9xSxPM5A2AbcHLh96J/I
         mVd+P4qe8w/jWn1Oq8rjrwY3bPP65ovsPLep89QVSmqVb1BXKxe/PRIfsVG/L5JSHneT
         TVto3V2ibB3HF92AhHBphJgtGNWHJqjxk6TWAUPB70fsRz/anKzZRmMT0B2vyhSQ9p3v
         EWyA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=Xwxcm8S02aB8SKtOTAN+2utC2rmx4IZE9WY4ktGfWss=;
        b=ZQVbksUaMF7Na2PgBXrT2Jg4nu56WzeZICAtkvP6DjR3atcr1UVlxAEB7BM2J5UbKW
         fb95pqyHtr5sXN9hGruWDRbd1hOO5XAXKi+R9liBd66P8Z6+gUgz5r2hLD86m9mAYeLm
         ABJN1v3mRcgsBGjai5/4BE7WS+c1qfa/Hi9EE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=Xwxcm8S02aB8SKtOTAN+2utC2rmx4IZE9WY4ktGfWss=;
        b=a21oZFfZIRLRof0LMfiM4Z1BzcKKkpSiu8973LMkQ/fL12WaCdfcDu20QVwVNqtACN
         XWNTil6E5kw39TaB+8R5ES/lKz3Ji2EOrqHchvBnbLc9KNL2udFCgY2QNzSzp0PARu5I
         CB8QefirD/f+ABOIlFVs15fwhLufUdxRYHs3Klr9Y58ZQC/JiOZ2lCHEIBzxTB5Z1EB2
         C8UmJt++5HSyx+atvCFCd1FWP46lpUJWxNXtsjc8fuwqb0Jf+xOSJhEZgfSQ6YGCelPp
         6VNR24CDshoOl0UdYF9LUzRVpmlht3xpMHBAhYlEyckl8rwbh/veE5Wb2iDW8kReKtWG
         2gng==
X-Gm-Message-State: ALQs6tA9U3xUplY4Nturip3mP07143/9sREuk6Rx2ETo06EwMoaYzxdW
        Uhz5W6Uqt03IEguKMJJecLwqJHj0MYwCe08UFc3EzQ==
X-Received: by 10.176.0.178 with SMTP id 47mr2957917uaj.74.1524005821459; Tue,
 17 Apr 2018 15:57:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.31.164.81 with HTTP; Tue, 17 Apr 2018 15:57:00 -0700 (PDT)
In-Reply-To: <7d192394-568c-53e0-4359-723769c3ed7d@kernel.dk>
References: <20180417214218.GA44753@beast> <7d192394-568c-53e0-4359-723769c3ed7d@kernel.dk>
From:   Kees Cook <keescook@chromium.org>
Date:   Tue, 17 Apr 2018 15:57:00 -0700
X-Google-Sender-Auth: baNj9grqFpHw0TKSKLZamAJR4hA
Message-ID: <CAGXu5jLLn9HxkR0G6=-Qqjr__=ya_NM3zCLsZwa1V5m7fisQ5A@mail.gmail.com>
Subject: Re: [PATCH] blk-mq: Clear out elevator private data
To:     Jens Axboe <axboe@kernel.dk>
Cc:     Oleksandr Natalenko <oleksandr@natalenko.name>,
        LKML <linux-kernel@vger.kernel.org>,
        Paolo Valente <paolo.valente@linaro.org>,
        Bart Van Assche <bart.vanassche@wdc.com>,
        David Windsor <dave@nullcore.net>,
        "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        linux-scsi@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
        Hannes Reinecke <hare@suse.com>,
        Johannes Thumshirn <jthumshirn@suse.de>,
        linux-block@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 17, 2018 at 2:45 PM, Jens Axboe <axboe@kernel.dk> wrote:
> On 4/17/18 3:42 PM, Kees Cook wrote:
>> Some elevators may not correctly check rq->rq_flags & RQF_ELVPRIV, and
>> may attempt to read rq->elv fields. When requests got reused, this
>> caused BFQ to think it already had a bfqq (rq->elv.priv[1]) allocated.
>> This could lead to odd behaviors like having the sense buffer address
>> slowly start incrementing. This eventually tripped HARDENED_USERCOPY
>> and KASAN.
>>
>> This patch wipes all of rq->elv instead of just rq->elv.icq. While
>> it shouldn't technically be needed, this ends up being a robustness
>> improvement that should lead to at least finding bugs in elevators faster.
>
> Comments from the other email still apply, we should not need to do this
> full memset() for every request. From a quick look, BFQ needs to straighten
> out its usage of prepare request and interactions with insert_request.

Sure, understood. I would point out, FWIW, that memset() gets unrolled
by the compiler and this is just two more XORs in the same cacheline
(the two words following icq). (And there is SO much more being
cleared during alloc, it didn't seem like hardly any extra cost vs the
robustness it provided.)

-Kees

-- 
Kees Cook
Pixel Security