Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp3014408rdb; Fri, 22 Sep 2023 15:32:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHofgDfH+DJ3xVhMuWyZRbOeSIhCyMGASDHHtW9aZRIsGG7ANuKrODQBE49HLAiFmEj4nap X-Received: by 2002:aa7:8886:0:b0:68c:1004:1feb with SMTP id z6-20020aa78886000000b0068c10041febmr823427pfe.32.1695421963014; Fri, 22 Sep 2023 15:32:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695421962; cv=none; d=google.com; s=arc-20160816; b=vceK8mtzT334bQHYSQW9sqDdI145FA9pFXzwoi7mR+u5pv/GLmzi57JTQSxPvE+bM7 6E3dEQHrucj8j1OM149nCxXpMVGnLOv3ZM99j9QA2F/KY0tC6r/ODj/5rRsoddTH36l2 FESBgCeGyRSzlsIZ5XLg6df6meXrYQ7IfECKtkKfDM+3bG4CNeGFiaOvlYIb1Y13Jg4A lCVWBoB5Yg3jDHNoREZOCWWqf3mqt6LQcHwyRi8wGtzD95aw3aCtisMqA+3C3co6/8vB 1hDb4OdaEkjv2tTVwGRAlGVfN1udxFQzx6OTt4zEtF0Xmn8guPc6se4h1o0tKh2+Bouc 283Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=UFXnvm90AnZS5ugwYzLgHg0vzuSZu/RHex9JeJs8pKc=; fh=wCA3NcWytqQ0f2Ahz/7Ed7//oLuqzp4iT+r4k6sZr80=; b=KnPCLQfAPTREpvsWVfLMu8PFBe38T+Pr4/rueEMRbcBG0fg7NQfNTMYj7uz84po2oI 8fKcThl5scFcLkp0l4VmBhqCeFcaSMQnP9nrxSl6XYedCmlw31vmGNisvTHcKLdYgifz ieEgxSn+kALgIK8hUwpvqb8tu61Dz/KID6PiZfdDxvAMwFuXCSVUtQvzU41nxdsf9SFo Jz7P2g9kl8fCtHy1K5Cu6nZWtMUXtsalfk+fAgB6sm5I7h7LIlqVARg5qIlbNIp85Z1c XMmnT9X13JVuN4cvj/15yxBL888R2UPau0qWW2H7l3mcN+pjNkO+jrINb7sqQmbO/xBN 5nUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=ckFcenzC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id m8-20020a056a00080800b0068fa8499af1si4939611pfk.11.2023.09.22.15.32.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Sep 2023 15:32:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=ckFcenzC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 0B13F80C111F; Fri, 22 Sep 2023 11:21:38 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232992AbjIVSVb (ORCPT + 99 others); Fri, 22 Sep 2023 14:21:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232489AbjIVSV3 (ORCPT ); Fri, 22 Sep 2023 14:21:29 -0400 Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B2E3FC2 for ; Fri, 22 Sep 2023 11:21:22 -0700 (PDT) Received: by mail-qt1-x833.google.com with SMTP id d75a77b69052e-41761e9181eso39971cf.1 for ; Fri, 22 Sep 2023 11:21:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1695406882; x=1696011682; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=UFXnvm90AnZS5ugwYzLgHg0vzuSZu/RHex9JeJs8pKc=; b=ckFcenzCQARDq2vH179vjehHy1Up3xZygz0lAwpXe5YuV6AH/z2MtqnVmPvV3BXODA oEUo4Fz7V798hHJ81WLApnVIwRrtRNItLw+Dd8IFyzq0PMjOqqVzPGRezIuE1q2QkZGX 1TKts5mHdnzK+AMLp3o5M8/sINAuxBz4ZhVS1cQLsZNHnNkmkE55Q1S0YZLJJVQG/zXR 23tA2hZpaGAe9MPXBR1nsd57M5y32F16SShzrH7j0sWDogcmWlXLQOAQgrCHOsQJ9Ocb muakfLyajXLYLZJxIZtmi+LQqAwNc+014fOxeUfyslkkrVGNWiXtIi2O5knCUbB9Q62H xpFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695406882; x=1696011682; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UFXnvm90AnZS5ugwYzLgHg0vzuSZu/RHex9JeJs8pKc=; b=vkb8GhTc9PHFbPM903lGpnHmbYhgyS/jF+C3qR49zsJDTnu8K7ZRm5ACYUcvog3ii1 yb/GcGOTLqntwarVoPeC9iR9X7ekHTnCnXMaLy+Fu2Aizc5M8QxXFZ4dwlgyuL6tHFcR 4GrnlK96zWxD4Jr43bXEI9dkjZRoWoxWfx79qDpjWgLOTAedd2FrAFAhevXzzumAH18J xtF/hqtvai1v2bWO1I5dBkBdBJZk5VrpBmvCMi8w1vMdbzz15x82D9mj8TznJZ8mezhU 2qzgSNcc/b/1piDlZ3lV/eI1/ymHqltDsV2ApZQb5y7hd8usG2ZI72nMamDw19ydXwhb c5og== X-Gm-Message-State: AOJu0YxVl27Ez5KipkA8NFZuP2Hx/IcrwgfDonB60BMYanlx7FHVFJgv 2i7k/a53OXVqXJX5/YtgP2sAby4fSMFkSgaeADgkCowrV0dMJdPT/f3zTbUg X-Received: by 2002:a05:622a:1aa6:b0:3ef:5f97:258f with SMTP id s38-20020a05622a1aa600b003ef5f97258fmr30782qtc.16.1695406881586; Fri, 22 Sep 2023 11:21:21 -0700 (PDT) MIME-Version: 1.0 References: <20230921182012.3965572-1-saranyamohan@google.com> <2023092258-clothing-passerby-e0f2@gregkh> In-Reply-To: <2023092258-clothing-passerby-e0f2@gregkh> From: Saranya Muruganandam Date: Fri, 22 Sep 2023 11:21:10 -0700 Message-ID: Subject: Re: [PATCH] block: fix use-after-free of q->q_usage_counter To: Greg KH Cc: Jens Axboe , Tejun Heo , Ming Lei , stable@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Zhang Wensheng , Zhong Jinghua , Hillf Danton , Yu Kuai , Dennis Zhou Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Fri, 22 Sep 2023 11:21:38 -0700 (PDT) Apologies for leaving out the stable release info. This is for both 5.10 and patch applies cleanly for 5.15. I just sent out a (different) modified patch for 6.1 LTS. On Fri, Sep 22, 2023 at 2:26=E2=80=AFAM Greg KH wrote: > > On Thu, Sep 21, 2023 at 11:20:12AM -0700, Saranya Muruganandam wrote: > > From: Ming Lei > > > > commit d36a9ea5e7766961e753ee38d4c331bbe6ef659b upstream. > > > > For blk-mq, queue release handler is usually called after > > blk_mq_freeze_queue_wait() returns. However, the > > q_usage_counter->release() handler may not be run yet at that time, so > > this can cause a use-after-free. > > > > Fix the issue by moving percpu_ref_exit() into blk_free_queue_rcu(). > > Since ->release() is called with rcu read lock held, it is agreed that > > the race should be covered in caller per discussion from the two links. > > > > Backport-notes: Not a clean cherry-pick since a lot has changed, > > however essentially the same fix. > > > > Reported-by: Zhang Wensheng > > Reported-by: Zhong Jinghua > > Link: https://lore.kernel.org/linux-block/Y5prfOjyyjQKUrtH@T590/T/#u > > Link: https://lore.kernel.org/lkml/Y4%2FmzMd4evRg9yDi@fedora/ > > Cc: Hillf Danton > > Cc: Yu Kuai > > Cc: Dennis Zhou > > Fixes: 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref= in fast path") > > Signed-off-by: Ming Lei > > Link: https://lore.kernel.org/r/20221215021629.74870-1-ming.lei@redhat.= com > > Signed-off-by: Jens Axboe > > Signed-off-by: Saranya Muruganandam > > --- > > block/blk-core.c | 2 -- > > block/blk-sysfs.c | 2 ++ > > 2 files changed, 2 insertions(+), 2 deletions(-) > > What stable kernel(s) are you expecting this backport to be applied to? > > thanks, > > greg "not a mind reader" k-h