
[0/9,v7] bfq: Avoid use-after-free when moving processes between cgroups

Message ID 20220401102325.17617-1-jack@suse.cz (mailing list archive)
Series bfq: Avoid use-after-free when moving processes between cgroups

Message

Jan Kara April 1, 2022, 10:27 a.m. UTC
Hello,

here is the seventh version of my patches to fix use-after-free issues in BFQ
when processes with merged queues get moved to different cgroups. Kuai has
confirmed that patches now fix all the issues his reproducer was able to
trigger so I've just added some tags, codewise this is the same as v6. Paolo,
can you please check whether the patches look good to you so that Jens can
merge them? Thanks!

Changes since v6:
* Added some Tested-by, Fixes, and CC tags

Changes since v5:
* Added handling of situation when bio is submitted for a cgroup that has
  already gone through bfq_pd_offline()
* Convert bfq to avoid using deprecated __bio_blkcg() and thus fix possible
  races when returned cgroup can change while bfq is working with a request

Changes since v4:
* Even more aggressive splitting of merged bfq queues to avoid problems with
  long merge chains.

Changes since v3:
* Changed handling of bfq group move to handle the case when target of the
  merge has moved.

Changes since v2:
* Improved handling of bfq queue splitting on move between cgroups
* Removed broken change to bfq_put_cooperator()

Changes since v1:
* Added fix for bfq_put_cooperator()
* Added fix to handle move between cgroups in bfq_merge_bio()

								Honza
Previous versions:
Link: http://lore.kernel.org/r/20211223171425.3551-1-jack@suse.cz # v1
Link: http://lore.kernel.org/r/20220105143037.20542-1-jack@suse.cz # v2
Link: http://lore.kernel.org/r/20220112113529.6355-1-jack@suse.cz # v3
Link: http://lore.kernel.org/r/20220114164215.28972-1-jack@suse.cz # v4
Link: http://lore.kernel.org/r/20220121105503.14069-1-jack@suse.cz # v5
Link: http://lore.kernel.org/r/20220330123438.32719-1-jack@suse.cz # v6

Comments

Christoph Hellwig April 15, 2022, 5:03 a.m. UTC | #1
I'm not really a blk-cgroup expert, but these do look good to me:

Reviewed-by: Christoph Hellwig <hch@lst.de>

(and I'd like to get this staged for other blk-cgroup changes I have
pending :))

Paolo Valente April 26, 2022, 2:29 p.m. UTC | #2
> On 1 Apr 2022, at 12:27, Jan Kara <jack@suse.cz> wrote:
> 
> Hello,
> 
> here is the seventh version of my patches to fix use-after-free issues in BFQ
> when processes with merged queues get moved to different cgroups. Kuai has
> confirmed that patches now fix all the issues his reproducer was able to
> trigger so I've just added some tags, codewise this is the same as v6. Paolo,
> can you please check whether the patches look good to you so that Jens can
> merge them?

I think this is not needed any longer :) At any rate, your patches do fix
an evident problem, in a correct way.

Thank you,
Paolo
