| Message ID | 20221129024850.1842973-5-luomeng12@huawei.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Delegated to: | Mike Snitzer |
| Headers | show
Return-Path: <dm-devel-bounces@redhat.com> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1A766C4321E for <dm-devel@archiver.kernel.org>; Tue, 29 Nov 2022 02:28:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669688900; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=v7MWoRYG/L3PXrBuQkrUFupO54cfJEbMrROLlKNeb0s=; b=ijRI8vsD33FPVMxH9eFWacrI4liY575+eH5PKApZdeODZzsZ8wx4D2tVTreyHoRNu73v1P hqfn1OZDO6UY8do0Hm6un0XBbkt/9TTTg/hv5XVBX5rZkWNYTr76cRz3DRkhcyrwg2/U8w jdgalCLpNNPZbw+YK3BQsThglhY6bBg= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-452-VV89TyIsP1OHJMO5FvPZUg-1; Mon, 28 Nov 2022 21:28:17 -0500 X-MC-Unique: VV89TyIsP1OHJMO5FvPZUg-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 787E0857D0E; Tue, 29 Nov 2022 02:28:15 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id CF6F740C6EC2; Tue, 29 Nov 2022 02:28:11 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id A3DE41946597; Tue, 29 Nov 2022 02:28:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 916D31946594 for <dm-devel@listman.corp.redhat.com>; Tue, 29 Nov 2022 02:28:10 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 81B8240D298E; Tue, 29 Nov 2022 02:28:10 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7A7B040C6EC2 for <dm-devel@redhat.com>; Tue, 29 Nov 2022 02:28:10 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 60538185A78F for <dm-devel@redhat.com>; Tue, 29 Nov 2022 02:28:10 +0000 (UTC) Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-3-P-OSFI19PqOWW_N-K9a_9Q-1; Mon, 28 Nov 2022 21:28:07 -0500 X-MC-Unique: P-OSFI19PqOWW_N-K9a_9Q-1 Received: from mail02.huawei.com (unknown [172.30.67.153]) by dggsgout11.his.huawei.com (SkyGuard) with ESMTP id 4NLmTW3zHqz4f3w17; Tue, 29 Nov 2022 10:27:59 +0800 (CST) Received: from huaweicloud.com (unknown [10.175.127.227]) by APP1 (Coremail) with SMTP id cCh0CgBHPaweboVjlJ0JBQ--.11870S8; Tue, 29 Nov 2022 10:28:02 +0800 (CST) From: Luo Meng <luomeng12@huawei.com> To: agk@redhat.com, snitzer@kernel.org, dm-devel@redhat.com, ejt@redhat.com Date: Tue, 29 Nov 2022 10:48:50 +0800 Message-Id: <20221129024850.1842973-5-luomeng12@huawei.com> In-Reply-To: <20221129024850.1842973-1-luomeng12@huawei.com> References: <20221129024850.1842973-1-luomeng12@huawei.com> MIME-Version: 1.0 X-CM-TRANSID: cCh0CgBHPaweboVjlJ0JBQ--.11870S8 X-Coremail-Antispam: 1UD129KBjvdXoWrKryUKw1kKw15Ar4xtr1DJrb_yoWfXrb_Ca sYvFy3Kr47Cr92kw13AFWxZrWkZwnYqF1xXFyftay5urySvr13X348ZrZ8Zr1UZryUJFy3 AF1Dtr43Zw1kGjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUbq8YFVCjjxCrM7AC8VAFwI0_Wr0E3s1l1xkIjI8I6I8E6xAIw20E Y4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l82xGYIkIc2x26280x7IE14v26r126s 0DM28IrcIa0xkI8VCY1x0267AKxVW5JVCq3wA2ocxC64kIII0Yj41l84x0c7CEw4AK67xG Y2AK021l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14 v26rxl6s0DM28EF7xvwVC2z280aVAFwI0_GcCE3s1l84ACjcxK6I8E87Iv6xkF7I0E14v2 6rxl6s0DM2vYz4IE04k24VAvwVAKI4IrM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrV ACY4xI64kE6c02F40Ex7xfMcIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWU JVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41l42xK82IYc2Ij64vIr4 1l42xK82IY64kExVAvwVAq07x20xyl4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG 67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMI IYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E 14v26r4j6F4UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJV W8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjxUwb18 DUUUU X-CM-SenderInfo: 5oxrzvtqj6x35dzhxuhorxvhhfrp/ X-CFilter-Loop: Reflected X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 Subject: [dm-devel] [dm-devel v2 4/4] dm integrity: Fix UAF in dm_integrity_dtr() X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development <dm-devel.redhat.com> List-Unsubscribe: <https://listman.redhat.com/mailman/options/dm-devel>, <mailto:dm-devel-request@redhat.com?subject=unsubscribe> List-Archive: <http://listman.redhat.com/archives/dm-devel/> List-Post: <mailto:dm-devel@redhat.com> List-Help: <mailto:dm-devel-request@redhat.com?subject=help> List-Subscribe: <https://listman.redhat.com/mailman/listinfo/dm-devel>, <mailto:dm-devel-request@redhat.com?subject=subscribe> Cc: luomeng12@huawei.com, yukuai3@huawei.com Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" <dm-devel-bounces@redhat.com> X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit |
| Series |
dm: Fix UAF in run_timer_softirq()
|
expand
|
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index e97e9f97456d..1388ee35571e 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -4558,6 +4558,8 @@ static void dm_integrity_dtr(struct dm_target *ti) BUG_ON(!RB_EMPTY_ROOT(&ic->in_progress)); BUG_ON(!list_empty(&ic->wait_list)); + if (ic->mode == 'B') + cancel_delayed_work_sync(&ic->bitmap_flush_work); if (ic->metadata_wq) destroy_workqueue(ic->metadata_wq); if (ic->wait_wq)
Dm_integrity also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, canceling timer again in dm_integrity_dtr(). Fixes: 7eada909bfd7a (dm: add integrity target) Signed-off-by: Luo Meng <luomeng12@huawei.com> --- drivers/md/dm-integrity.c | 2 ++ 1 file changed, 2 insertions(+)