Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp3226298rwb; Sun, 30 Jul 2023 03:13:54 -0700 (PDT) X-Google-Smtp-Source: APBJJlFCdbTMiZINDoGquur0ZmzDvim38ybaXwFdTMJBD3nGcxZCzDfL97edmIXhjKBwdmE3x9Bk X-Received: by 2002:a05:6870:d251:b0:1ba:66c1:da53 with SMTP id h17-20020a056870d25100b001ba66c1da53mr7910198oac.22.1690712034689; Sun, 30 Jul 2023 03:13:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690712034; cv=none; d=google.com; s=arc-20160816; b=Sc0YKvQiIiW6FE8U4xmu9le8aWR/M7CMhMCLRo47xLlxbHd7R9ArU/iEYNRtnlQxvL +3xPfCs0/dCUZJWc8Kfy+aW4N1H81oA4zUP697rQ1BBAzxV2VSIvtZ/GZ3HkQUY9hOGm GFxL8cE7CmgAlk7QhZaMd6dB6Iajz2cnXV9ztgkBhhvjC4jiQG1+uIUyCewoeItD3GSc AIXj43iYmWVDNxHyJ1FhJaSfMSOQgcOqHVeEoaslrJXY8SIp0EpzFiIa3c3OFYPpWhMM DStBbMql1PIL4cY6HfjK7epI9bFQFkXLh9wAMjo34gfGbeMylIrps3mmUiwlc3QW2A6N Cw5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=tt2e85FHgwaQzmFedERxlbkmWN0v7x5WMncY42s4laA=; fh=nsSHgjUx/zEHPkx1plvgyAXxiuaiCeJj6072MFscasE=; b=hIPVoqqv53TqywL+kVvHnMBuNveTSX8OsvcCrGz8b/zYRA5/CBBYRwODVJJLK8CrMQ R91G1qURG0bNw/4hbSoc+cCtA/9EcyyKgjHJvTtWrCDTu7IMR8xTieqeMexA//QNGEfI lR3wHzY+Zupi3nBaBWceEKaRbf0unZQX85jNfhwtH3fea2rylJ/GyZCJHIywrbXrEbco 42NEfkRm4Ofqnk2DnmYovxCoCoWJeNht2JMBck/5AUB5CNBMpewaEkR1JLmEVF7P08bc Ty6STR/itXQfseq4MGoh5pKPYGLhKVPmMwND/Im9U9awle+YPAbDaTyUaBmACJ+en9xe tGag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bd30-20020a056a00279e00b006872a888560si1159016pfb.83.2023.07.30.03.13.35; Sun, 30 Jul 2023 03:13:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229847AbjG3JrR (ORCPT + 99 others); Sun, 30 Jul 2023 05:47:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49490 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229514AbjG3JrQ (ORCPT ); Sun, 30 Jul 2023 05:47:16 -0400 Received: from mx3.molgen.mpg.de (mx3.molgen.mpg.de [141.14.17.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 19FDF19A; Sun, 30 Jul 2023 02:47:15 -0700 (PDT) Received: from [192.168.0.2] (ip5f5ae955.dynamic.kabel-deutschland.de [95.90.233.85]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: pmenzel) by mx.molgen.mpg.de (Postfix) with ESMTPSA id F3C7D61E5FE01; Sun, 30 Jul 2023 11:46:24 +0200 (CEST) Message-ID: Date: Sun, 30 Jul 2023 11:46:24 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1 Subject: Re: [PATCH] md: fix potential OOB in multipath_remove_disk() Content-Language: en-US To: Song Liu , Zhang Shurong , Christoph Hellwig Cc: linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org References: From: Paul Menzel In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Dear Song, Zhang and Christoph, Am 29.07.23 um 12:46 schrieb Song Liu: > On Sat, Jul 15, 2023 at 5:45 PM Zhang Shurong wrote: >> >> 在 2023年7月13日星期四 CST 上午12:50:19,Christoph Hellwig 写道: >>> On Thu, Jul 13, 2023 at 12:46:05AM +0800, Zhang Shurong wrote: >>>> If rddev->raid_disk is greater than mddev->raid_disks, there will be >>>> an out-of-bounds in multipath_remove_disk. We have already found >>>> similar reports as follows: >>>> >>>> 1) commit d17f744e883b ("md-raid10: fix KASAN warning") >>>> 2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk") >>>> >>>> Fix this bug by checking whether the "number" variable is >>>> valid. >>> >>> I think it might just be time to finally dropped the deprecated md >>> multipath code instead.. >> Should I write another patch to delete them? > > Yes, please write a patch to delete the multipath code. How would fixing this bug work with the stable series? Probably a removal patch wouldn’t be picked, right? Shouldn’t the fix be accepted in master, and then the code be removed? Kind regards, Paul