Received: by 10.192.165.156 with SMTP id m28csp594374imm; Tue, 17 Apr 2018 16:02:10 -0700 (PDT) X-Google-Smtp-Source: AIpwx48BNsAkmxRIP1rPW6MgaKsuYXK7MQ1mucb5WObONsEjiiLShO93gxCe7aZIDz7yU4qtV4d6 X-Received: by 10.98.207.130 with SMTP id b124mr3641147pfg.9.1524006130752; Tue, 17 Apr 2018 16:02:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524006130; cv=none; d=google.com; s=arc-20160816; b=FuSX2lpHpWaZ6ZHqYRCxjAwEGzKwN3UV75QoAL1orP3MD2HRQC7kf5tjLP0RITqpz0 2x2cu2O36wjK4L+/YQCJOgo6yBEMSSvypYtMHwbS8Jq3NZBE/9UtXyrKCC07YzEKetou u85dpBuZ8FV3qFo3rSNjtepGc+BrAoM/BmguGU6iNdWjnX/FaaIFHCD3K5mhYNNCPwBt N9F8E19J/6colkbI4oXtnz9OFU0O1GFpojWUuZXNi59e+jETxSTKjLxQpKDo2fdxfPtY 5BSArw5TQCv0OzWez0UeNUhPVXboTwUBWrvls788gb+sWnSnZKJw0GsaswQ7rQ8TGqJt Z23w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=T3sIsko7NggJV2hPPxvmzs1Tauw8sDWdF+XGvyiZPJM=; b=SGmHxFMm7p+5XFSKW06EtnCfVyofZKoD5jBuldNK2sLfxwF5f1+8TTWLhl1+CiuhqD Rm0oQcnC0nthKC+OAdgJvNijVmNM6awIrREdS1She4c31SQrz2QefPaoNMfoyl6EzbzA uoHTrMc7Ilcc9fcrXlLa5iLWOvkrez3c7H2kzEVWLzPWZMVnmaAfh1MSLnRuWKkHP++D 4FC/6ZEhgUQ56K9xAZUOl78ucV5uqac4iHA8AkyoopM784Lsty36/4PuJcCd4PBIDOBh 1ePsf2xER86EFFz96AIa5JmFXy2hRCoi+fS/sY8zbbFkDKPQAiDOgH5+WGm3dLzl+Lsu E7dQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=Q4u8QkFm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c1-v6si15914401pll.449.2018.04.17.16.01.56; Tue, 17 Apr 2018 16:02:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=Q4u8QkFm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752941AbeDQXAO (ORCPT + 99 others); Tue, 17 Apr 2018 19:00:14 -0400 Received: from mail-pg0-f47.google.com ([74.125.83.47]:41265 "EHLO mail-pg0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752708AbeDQXAL (ORCPT ); Tue, 17 Apr 2018 19:00:11 -0400 Received: by mail-pg0-f47.google.com with SMTP id e13so1046649pgq.8 for ; Tue, 17 Apr 2018 16:00:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=T3sIsko7NggJV2hPPxvmzs1Tauw8sDWdF+XGvyiZPJM=; b=Q4u8QkFmDz6mZnBmBcs1upuLB8N9ZX6gUegkpIIm3q543vZYyiuo6INTdq8XUjhoB1 AOQSy0ATJ844RMJubxU5DqyL4Lbwj6PGNyC8tKw9VeSbIDbWY1kuM6Xw1fIv8r0GQEyQ /vImix8AlVX6Hc6dWoyhhesbEwap2kZwymlPyaogKJVmhDcHmi74abRBlOR6lNvO+boV Jks8xWDVN8C3KJ6nVWi+Rkh67gZQuPMX/M1fFCS6JDah1EyrjfQMUrQ5CPf98OBR5y/Y FoNmZW2OvOElO5fUOc+UEPFiZ5E9GPG7jfErGLQOb8K/V04pzj+hCqTSLJY5v4rlGdIf GO8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=T3sIsko7NggJV2hPPxvmzs1Tauw8sDWdF+XGvyiZPJM=; b=TgmD9h+/xt9oL6eo7xV5OiaYRF+nm8T6IBdukwsU4kNwEJgmk+oab/gHSBP1uqGK43 VT5piQmN8fz1sADSvSEaDVNVykDpdr6mdgruVFT8HvqFUw80ucnw9+J5Lb32PbAXI5OC IJC/w+b+cwHKLEB2MFxKXJ2yRTr/kYHxtD/ZmQSxbkWysAi3cBC7xyPyL8q0wlS066B8 yJLon3ujgC9Cks8vl0N71SdiycYQ6nWT84C+AriuWyoZFOo8u7B4N5IIehQoHo4nb0W0 WBbdcA/3uCmsTbj7GD/soZgY3jskn6l8lO/DhzO93GhWjlBbM4NmGlFrlb4YZUm6rSz9 FRuA== X-Gm-Message-State: ALQs6tBlU7JbxFrw7n+C66D+CsMdqd+e3ue95bOgwhFyqjlJdjp/MX6H DCrbmdIA6wWmoqK6UD7RRq3T/g== X-Received: by 10.101.68.72 with SMTP id e8mr3285140pgq.56.1524006010877; Tue, 17 Apr 2018 16:00:10 -0700 (PDT) Received: from [192.168.1.211] (107.191.0.158.static.utbb.net. [107.191.0.158]) by smtp.gmail.com with ESMTPSA id z11sm18737577pgs.80.2018.04.17.16.00.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Apr 2018 16:00:09 -0700 (PDT) Subject: Re: [PATCH] blk-mq: Clear out elevator private data To: Kees Cook Cc: Oleksandr Natalenko , LKML , Paolo Valente , Bart Van Assche , David Windsor , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org, Christoph Hellwig , Hannes Reinecke , Johannes Thumshirn , linux-block@vger.kernel.org References: <20180417214218.GA44753@beast> <7d192394-568c-53e0-4359-723769c3ed7d@kernel.dk> From: Jens Axboe Message-ID: Date: Tue, 17 Apr 2018 17:00:01 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/17/18 4:57 PM, Kees Cook wrote: > On Tue, Apr 17, 2018 at 2:45 PM, Jens Axboe wrote: >> On 4/17/18 3:42 PM, Kees Cook wrote: >>> Some elevators may not correctly check rq->rq_flags & RQF_ELVPRIV, and >>> may attempt to read rq->elv fields. When requests got reused, this >>> caused BFQ to think it already had a bfqq (rq->elv.priv[1]) allocated. >>> This could lead to odd behaviors like having the sense buffer address >>> slowly start incrementing. This eventually tripped HARDENED_USERCOPY >>> and KASAN. >>> >>> This patch wipes all of rq->elv instead of just rq->elv.icq. While >>> it shouldn't technically be needed, this ends up being a robustness >>> improvement that should lead to at least finding bugs in elevators faster. >> >> Comments from the other email still apply, we should not need to do this >> full memset() for every request. From a quick look, BFQ needs to straighten >> out its usage of prepare request and interactions with insert_request. > > Sure, understood. I would point out, FWIW, that memset() gets unrolled > by the compiler and this is just two more XORs in the same cacheline > (the two words following icq). (And there is SO much more being > cleared during alloc, it didn't seem like hardly any extra cost vs the > robustness it provided.) Yeah, it's not super pricey, but it's not needed. BFQ is the user of the members, and the one that assigns them. You're saying leftover assignments, since it doesn't always assign them. Hence I think that's a better fix, just sent out a test patch a few minutes ago. You did all the hard work, I'm just coasting on your findings. -- Jens Axboe