Re: [PATCH v2 5/5] md: protect md_thread with a new disk level spin lock

From: Guoqing Jiang
Date: Wed Mar 15 2023 - 06:40:03 EST

Next message: Sagi Grimberg: "Re: [RFC PATCH] nvme-tcp: fix possible crash when only partilal queues are allocated by nvme_tcp_alloc_queue"
Previous message: Vlastimil Babka: "Re: [PATCH] mm: prefer xxx_page() alloc/free functions for order-0 pages"
In reply to: Yu Kuai: "Re: [PATCH v2 5/5] md: protect md_thread with a new disk level spin lock"
Next in thread: Yu Kuai: "[PATCH v2 2/5] md: refactor md_wakeup_thread()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/15/23 18:02, Yu Kuai wrote:

Hi,

在 2023/03/15 17:39, Guoqing Jiang 写道:

On 3/15/23 14:18, Yu Kuai wrote:

From: Yu Kuai <yukuai3@xxxxxxxxxx>

Our test reports a uaf for 'mddev->sync_thread':

T1                      T2
md_start_sync
md_register_thread
            raid1d
             md_check_recovery
              md_reap_sync_thread
               md_unregister_thread
                kfree

md_wakeup_thread
   wake_up
   ->sync_thread was freed

Better to provide the relevant uaf (user after free perhaps you mean)
log from the test.

Ok, I'll add uaf report(the report is from v5.10) in the next version.

Can you also try with latest mainline instead of just against 5.10 kernel?

Thanks,
Guoqing

Next message: Sagi Grimberg: "Re: [RFC PATCH] nvme-tcp: fix possible crash when only partilal queues are allocated by nvme_tcp_alloc_queue"
Previous message: Vlastimil Babka: "Re: [PATCH] mm: prefer xxx_page() alloc/free functions for order-0 pages"
In reply to: Yu Kuai: "Re: [PATCH v2 5/5] md: protect md_thread with a new disk level spin lock"
Next in thread: Yu Kuai: "[PATCH v2 2/5] md: refactor md_wakeup_thread()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]