mbox series

[-next,v5,0/6] md: fix uaf for sync_thread

Message ID 20230410113559.1610455-1-yukuai1@huaweicloud.com (mailing list archive)
Headers show
Series md: fix uaf for sync_thread | expand

Message

Yu Kuai April 10, 2023, 11:35 a.m. UTC 
From: Yu Kuai <yukuai3@huawei.com>

Changes in v5:
 - use rcu_dereference_protected() instead of rcu_access_pointer() where
 rcu_read_lock/unlock is not required.
 - add patch 4,5 to handle that bitmap timeout is set multiple times.

Changes in v4:
 - remove patch 2 from v3
 - fix sparse errors and warnings from v3, in order to do that, all access
 to md_thread need to be modified, patch 2-4 is splited to avoid a huge
 patch.

Changes in v3:
 - remove patch 3 from v2
 - use rcu instead of a new lock

Changes in v2:
 - fix a compile error for md-cluster in patch 2
 - replace spin_lock/unlock with spin_lock/unlock_irq in patch 5
 - don't wake up inside the new lock in md wakeup_thread in patch 5

Yu Kuai (6):
  md: pass a md_thread pointer to md_register_thread()
  md: factor out a helper to wake up md_thread directly
  dm-raid: remove useless checking in raid_message()
  md/bitmap: always wake up md_thread in timeout_store
  md/bitmap: factor out a helper to set timeout
  md: protect md_thread with rcu

 drivers/md/dm-raid.c      |   4 +-
 drivers/md/md-bitmap.c    |  50 +++++++++++------
 drivers/md/md-cluster.c   |  11 ++--
 drivers/md/md-multipath.c |   6 +--
 drivers/md/md.c           | 110 ++++++++++++++++++++------------------
 drivers/md/md.h           |  15 +++---
 drivers/md/raid1.c        |   9 ++--
 drivers/md/raid1.h        |   2 +-
 drivers/md/raid10.c       |  25 ++++-----
 drivers/md/raid10.h       |   2 +-
 drivers/md/raid5-cache.c  |  20 +++----
 drivers/md/raid5.c        |  19 +++----
 drivers/md/raid5.h        |   2 +-
 13 files changed, 148 insertions(+), 127 deletions(-)