Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp1988003lqo; Mon, 13 May 2024 04:57:51 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWCn/n/GCrYDIrspkCp4XV6/ws/H8skQKYktxMuJTRJnVdyX6+Y3V/vkrx/sNyuDW+L0HtAA2xTxCYrxlQ+1mlqwH7KVka60rUrtAKGVw== X-Google-Smtp-Source: AGHT+IHPN9Nh+tnfC72Rhww6G5H4UTEXLj5pzcqhBKe/Vv9vpLJTDBDQWpbqSUJwqaJ42N4DPjki X-Received: by 2002:a05:6a00:1483:b0:6ea:f422:64ce with SMTP id d2e1a72fcca58-6f4e03a3acfmr13927345b3a.33.1715601471460; Mon, 13 May 2024 04:57:51 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715601471; cv=pass; d=google.com; s=arc-20160816; b=GoRooum8KFhbG97coKM5y02SDTX9TPLFyKd7Qa3q5dQDPA+xxPNU313RkV1Vhl8F9b mUUqAWqUCoAUK+PZsDpoH3tv0+g78dP70MpUJczkOh9a5/iQbaRnv0PAKr+Yftu9N4t+ m6yrCYGbaV/wOfeWNm/GTR2BSbre96zJZVCg40zeHjVRNFGiYmTpfVf+4otOAPJ8gHml rNPXuWESOzDOCo1y57vN38HJ5pm2Ie32v5KlXKbhc63bXn4hw/v9fztTFTgpp+jvmL/4 LRR6G72y5jTRynL3HdYTusGdPLI+lesK1ApLg0IXKFQzk/uEiBrlpmzVMZuDok6ZUWSo QyuQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:references:message-id:subject:cc:to:from:date :dkim-signature; bh=SVjlWqAdfLnp41PpnyNhWZSZIhghyWvNnJwtCIztyEM=; fh=NAybYrEw7D+pazUOqgRUpQIyrfBcUThLz2C+/K95g7A=; b=kpR3ag1hh0DDdcQ+iEvsG7rG+OuOuDzxA8cEmfjLyWt9zGSh09HkTiOudGYD+Fah3j ROdJV0LjqFYH91QU5wH3mJ61i7DFAXuLDziSsUPSQovmLR2NQj8/nY4QIXtuZ0ETnMA2 1afiIDnSagXTmq0/xF5qDm4dw3WP39M+D7LVfQHlKB3jCjJHfERC3nHUdnC2FwxSO0v3 EBOoc5S3tX7LnuzLTgELEmHrpwviKlEUVb0WTWF4OZA6dQA3LmhwY+AXVIz2OZE2Y8FO dNh1FyeeximkfVpPv1b/yRNoCct1yk6uV0xBnTmGqsC7h1mQ0TW+j4ycZY9j0I3LgIkE OXRA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.com header.s=google header.b="Kew62/v5"; arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com); spf=pass (google.com: domain of linux-kernel+bounces-177527-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-177527-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id d2e1a72fcca58-6f4d2b1baa8si5645355b3a.273.2024.05.13.04.57.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 04:57:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-177527-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=google header.b="Kew62/v5"; arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com); spf=pass (google.com: domain of linux-kernel+bounces-177527-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-177527-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 20A9AB226EC for ; Mon, 13 May 2024 11:56:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2E98F14EC7D; Mon, 13 May 2024 11:56:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="Kew62/v5" Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D5ED14D2B6 for ; Mon, 13 May 2024 11:56:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.52 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715601378; cv=none; b=lq7+VtGb5HHOQolDUTwzPeCD5TZJ7qWs0eR6ect/u+GGw2gCaHmIPzZwVH74WdKHXUBT4++96aYQcpahnpQ01IcbLzWZJcB1q42VFGy03ujgvIu15/G0FdepizjqPKMvtIWt/nTQoX3LN8n/HT90XPPPGhTniffdBDdxQGBOxbM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715601378; c=relaxed/simple; bh=/K5+pcbqvHdmlKOIY6EGxlQYW8ZajxPOAOvXpRv0FbI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=cMIdBNHIdlthl90/T+CP1Rjf3Te3WQMbMSxmc0X9Lpd2lAlLoPuugkR4x88vxuTGnJSZ2DMeXlWef/G2uHKuhzb3fxOHX591HUkodIu2vL50fEjZ7KIoij11bXxQsTtKoiIl8eDkt3qG9Yc7pSl6fppLnvidXQkIbTv67hLVkJo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=Kew62/v5; arc=none smtp.client-ip=209.85.128.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-41ff5e3dc3bso19803655e9.1 for ; Mon, 13 May 2024 04:56:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1715601373; x=1716206173; darn=vger.kernel.org; h=user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=SVjlWqAdfLnp41PpnyNhWZSZIhghyWvNnJwtCIztyEM=; b=Kew62/v5idseMPnkp4F3MIDryaF9FFyCBe5IoHp8kdaIv6s/GZeDW0KGqOLqak6pH6 vcER/yR77fsBwjMmEo5E6WugXHxSkbK0gRbnml211CHOyWG0Fx+tVLP07fjYDFVO6Qim 25V7eS6KfLRDl106PkmJdncPCcR1PTEmidqk3mjaS/ggoe869ELFKrIwjrlcJpOI5hrE 4SRwHicZx6qaFmaCmAHU5I5gX1jPTii/a7t0+p8tKWfALRLBFsZcCM5SAwE5mDuKxEGa c39mY99OHk2VkgwuLTh7rU0JKXBRjYFSYp5SVDWNh/2/uZY3PzaVPMFC7MWGUrJJIeBJ Dy7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715601373; x=1716206173; h=user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SVjlWqAdfLnp41PpnyNhWZSZIhghyWvNnJwtCIztyEM=; b=OKk62KME8/SNvV4ALejtZzdxbvz5FRw453I+Y2Y3hUVh3AIM4Ifk3fLm3vqRb3Y6xU rBIZDKoc1dQlL6ZKbV1bm0nWoN+MKl2Llz9y/BjUXnKy4qK1i4lfs+uvXu3WV3ePnqNQ uOQ69u+PSLmIWd4JU4vb+QvJaSzYs0Qd1CZdNX5aHlSSBjxv2ItrR5ewpJ1maPt0eWVV rAp451s73rhL6H2NeA7sSraSp2k3OLaRQ7NW9Mf6Dnt0ZrJl7SeirKDbrN0xfFVBP3U7 3D9UQynp6ywvfGQ3J38707bwfb60QAYp6jMYKk5ElKm+PlVZc6F2jNx5z8sg/xKsu+Ov CvtQ== X-Forwarded-Encrypted: i=1; AJvYcCUbb14WLsf6G2SJdEu58dj8jgzIfv7YcAnKvz4ZrF5aY+3ftym5zzYOkX7qI7/DOcuGHxza4PZxbIAcuxtpM5ocFJMQViqm0EdKxPjt X-Gm-Message-State: AOJu0YzVUD1vQ26e/nUUA83aK8V2p7ewwAdJrFbz0MmMOShYdXoX92e4 J7aE5QgyBXSMee4YXSDMsnIMuOzoEjdGXUOegCpeW4HXLFtUqUdVPhdxYK8835k= X-Received: by 2002:a05:600c:3b26:b0:41f:3ee0:a302 with SMTP id 5b1f17b1804b1-41feac55f70mr66726895e9.30.1715601373573; Mon, 13 May 2024 04:56:13 -0700 (PDT) Received: from linux-l9pv.suse ([124.11.22.254]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-41fccee9335sm154180975e9.29.2024.05.13.04.56.09 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 May 2024 04:56:13 -0700 (PDT) Date: Mon, 13 May 2024 19:56:05 +0800 From: joeyli To: Markus Elfring Cc: linux-block@vger.kernel.org, kernel-janitors@vger.kernel.org, Justin Sanders , LKML , Chun-Yi Lee , "David S. Miller" , Jens Axboe , Kirill Korotaev , Nicolai Stange , Pavel Emelianov Subject: Re: [PATCH] aoe: fix the potential use-after-free problem in more places Message-ID: <20240513115605.GE4433@linux-l9pv.suse> References: <20240410134858.6313-1-jlee@suse.com> <11361de9-b145-41c0-8d5e-5312cd710124@web.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <11361de9-b145-41c0-8d5e-5312cd710124@web.de> User-Agent: Mutt/1.11.4 (2019-03-13) Hi Markus, Thanks for your review! I will send v2 patch. Joey Lee On Tue, Apr 30, 2024 at 06:16:00PM +0200, Markus Elfring wrote: > > For fixing CVE-2023-6270, f98364e92662 patch moved dev_put() from > … > > Please add a subject for the mentioned commit hash. > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc6#n99 > > > > This patch adds dev_hold() to those functions and also uses dev_put() > > when the skb_clone() returns NULL. > > Please improve this change description with a corresponding imperative wording. > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc6#n94 > > > … > > Fixes: f98364e92662 ("aoe: fix the potential use-after-free problem in > > aoecmd_cfg_pkts") > > I suggest to omit a line break for this tag. > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc6#n145 > > > … > > +++ b/drivers/block/aoe/aoecmd.c > … > > @@ -401,7 +402,8 @@ aoecmd_ata_rw(struct aoedev *d) > > __skb_queue_head_init(&queue); > > __skb_queue_tail(&queue, skb); > > aoenet_xmit(&queue); > > - } > > + } else > > + dev_put(f->t->ifp->nd); > > return 1; > > } > > > … > > @@ -617,7 +622,8 @@ probe(struct aoetgt *t) > > __skb_queue_head_init(&queue); > > __skb_queue_tail(&queue, skb); > > aoenet_xmit(&queue); > > - } > > + } else > > + dev_put(f->t->ifp->nd); > > } > > > > static long > … > > Should curly brackets be used for both if branches in these function implementations? > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?h=v6.9-rc6#n213 > > Regards, > Markus