From: Liang Chen <liangchen.linux@gmail.com>
To: linux-bcache@vger.kernel.org
Cc: mlyle@lyle.org, i@coly.li, kent.overstreet@gmail.com,
linux-kernel@vger.kernel.org,
Liang Chen <liangchen.linux@gmail.com>
Subject: [PATCH] bcache: safeguard a dangerous addressing in closure_queue
Date: Thu, 12 Oct 2017 22:37:37 +0800
Message-ID: <20171012143737.24577-1-liangchen.linux@gmail.com>

The use of the union reduces the size of closure struct by taking advantage
of the current size of its members. The offset of func in work_struct equals
the size of the first three members, so that work.work_func will just
reference the fourth member - fn.

This is smart but dangerous. It can be broken if work_struct or the other
structs get changed, and can be a bit difficult to debug.

Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
---
Replacing all occurrences of closure_fn to work_func_fn seems to be an option
but that would end up with a big, lengthy and error-prone patch.
drivers/md/bcache/closure.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h
index 295b7e4..dbff8f4 100644
--- a/drivers/md/bcache/closure.h
+++ b/drivers/md/bcache/closure.h
@@ -251,6 +251,11 @@ static inline void set_closure_fn(struct closure *cl, closure_fn *fn,
static inline void closure_queue(struct closure *cl)
{
struct workqueue_struct *wq = cl->wq;
+ /**
+ * Changes made to closure, work_struct, or a couple of other structs
+ * may cause work.func not pointing to the right location.
+ */
+ BUG_ON((unsigned long)cl->fn != (unsigned long)cl->work.func);
if (wq) {
INIT_WORK(&cl->work, cl->work.func);
BUG_ON(!queue_work(wq, &cl->work));
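
Review bot: The BUG_ON added at the top of closure_queue() tests a struct-layout property at run time, on every call, and takes the machine down if it fails. The offsets of fn and work.func are fixed when the kernel is built, so a compile-time assertion would catch the same breakage before the code ever runs, for example `BUILD_BUG_ON(offsetof(struct closure, fn) != offsetof(struct closure, work) + offsetof(struct work_struct, func));`. Two style points in the same hunk: the comment opens with `/**`, which marks a kernel-doc comment, so a plain `/*` fits better here, and a blank line should separate the `wq` declaration from the new statement.
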
--
1.8.3.1
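
The layout dependency the commit message describes, as an added example that is not part of the original patch or the bcache source. It uses simplified stand-in structs (every `mock_*` name and member is hypothetical) to show `fn` overlaying `work.func`, how one added field breaks the alias, and the build-time check next to the run-time comparison.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for illustration; not the kernel's definitions. */
typedef void mock_fn(void *);
struct mock_list_head { struct mock_list_head *next, *prev; };

struct mock_work {                 /* func follows three pointer-sized words */
    size_t data;
    struct mock_list_head entry;
    mock_fn *func;
};
struct mock_work_grown {           /* the same struct after a field is added */
    size_t data;
    size_t flags;
    struct mock_list_head entry;
    mock_fn *func;
};

/* A closure-like struct: three members, then fn, overlaid on a work item. */
#define DEFINE_MOCK_CLOSURE(name, work_type)                          \
    struct name {                                                     \
        union {                                                       \
            struct { void *wq, *owner, *list_next; mock_fn *fn; };    \
            struct work_type work;                                    \
        };                                                            \
    }
DEFINE_MOCK_CLOSURE(mock_closure, mock_work);
DEFINE_MOCK_CLOSURE(mock_closure_grown, mock_work_grown);

/* Constant expression: does fn occupy the same bytes as work.func? */
#define FN_ALIASES_FUNC(ctype, wtype)                                 \
    (offsetof(struct ctype, fn) ==                                    \
     offsetof(struct ctype, work) + offsetof(struct wtype, func))

/* Build-time guard for the layout in use; a mismatch stops compilation. */
_Static_assert(FN_ALIASES_FUNC(mock_closure, mock_work),
               "fn must overlay work.func");

int grown_layout_aliases(void)
{
    return FN_ALIASES_FUNC(mock_closure_grown, mock_work_grown);
}

static void handler(void *arg) { (void)arg; }

/* Run-time form of the same check: store through fn, read via work.func. */
#define RUNTIME_MATCH(ctype, out) do {                                \
    struct ctype cl; memset(&cl, 0, sizeof(cl));                      \
    cl.fn = handler; (out) = (cl.work.func == cl.fn); } while (0)

int runtime_match_current(void) { int r; RUNTIME_MATCH(mock_closure, r); return r; }
int runtime_match_grown(void)   { int r; RUNTIME_MATCH(mock_closure_grown, r); return r; }
```

With the grown layout, the store through `fn` lands in the list pointers of the work item and `work.func` stays NULL, which is the silent corruption the run-time comparison is meant to surface.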