From: Guoqing Jiang <guoqing.jiang@linux.dev>
To: Yu Kuai <yukuai1@huaweicloud.com>,
agk@redhat.com, snitzer@kernel.org, song@kernel.org
Cc: linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org,
yi.zhang@huawei.com, yangerkun@huawei.com,
"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [PATCH v2 5/5] md: protect md_thread with a new disk level spin lock
Date: Wed, 15 Mar 2023 18:39:50 +0800
Message-ID: <3ef18a75-8a1a-aa28-47e8-cba3f60475c7@linux.dev>
In-Reply-To: <7cc22b63-a2f7-67ed-1a50-9fb415fadb81@huaweicloud.com>
On 3/15/23 18:02, Yu Kuai wrote:
> Hi,
>
> On 2023/03/15 17:39, Guoqing Jiang wrote:
>>
>>
>> On 3/15/23 14:18, Yu Kuai wrote:
>>> From: Yu Kuai <yukuai3@huawei.com>
>>>
>>> Our test reports a uaf for 'mddev->sync_thread':
>>>
>>> T1                      T2
>>> md_start_sync
>>>  md_register_thread
>>>                         raid1d
>>>                          md_check_recovery
>>>                           md_reap_sync_thread
>>>                            md_unregister_thread
>>>                             kfree
>>>
>>>  md_wakeup_thread
>>>   wake_up
>>>   ->sync_thread was freed
>>
>> Better to provide the relevant uaf (use after free perhaps you mean)
>> log from the test.
> Ok, I'll add uaf report (the report is from v5.10) in the next version.
Can you also try with latest mainline instead of just against 5.10 kernel?
Thanks,
Guoqing
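
Added example, not part of this message or of the patch under review: a userspace C model of the race in the quoted diagram, where the waker dereferences the thread pointer only while holding a per-device spin lock and the unregister path clears the pointer under that lock before freeing. The struct and function names and the lock placement are assumptions for illustration; the actual patch is not shown on this page.

```c
/* Constructed userspace model; names are hypothetical, not md code. */
#include <stdatomic.h>
#include <stdlib.h>

struct md_thread_model { int wakeups; };   /* stand-in for struct md_thread */

struct mddev_model {
    atomic_flag thread_lock;               /* assumed per-device spin lock */
    struct md_thread_model *sync_thread;   /* pointer the race is about */
};

static void model_lock(struct mddev_model *m)
{
    while (atomic_flag_test_and_set_explicit(&m->thread_lock, memory_order_acquire))
        ;                                  /* spin until the holder releases */
}

static void model_unlock(struct mddev_model *m)
{
    atomic_flag_clear_explicit(&m->thread_lock, memory_order_release);
}

void model_init(struct mddev_model *m)
{
    atomic_flag_clear(&m->thread_lock);
    m->sync_thread = NULL;
}

/* T1: publish the new thread pointer under the lock. */
int model_register(struct mddev_model *m)
{
    struct md_thread_model *t = calloc(1, sizeof(*t));
    if (!t)
        return -1;
    model_lock(m);
    m->sync_thread = t;
    model_unlock(m);
    return 0;
}

/* T1: wake the thread. The pointer is read and used inside one critical
 * section, so it cannot be freed in between. Returns 1 if a thread was
 * woken, 0 if it had already been unregistered. */
int model_wakeup(struct mddev_model *m)
{
    int woke = 0;
    model_lock(m);
    if (m->sync_thread) {
        m->sync_thread->wakeups++;
        woke = 1;
    }
    model_unlock(m);
    return woke;
}

/* T2: detach the pointer under the lock, free only after it is unreachable. */
void model_unregister(struct mddev_model *m)
{
    struct md_thread_model *t;
    model_lock(m);
    t = m->sync_thread;
    m->sync_thread = NULL;
    model_unlock(m);
    free(t);
}
```

A wakeup that arrives after the unregister returns 0 instead of touching freed memory, which is the ordering shown at the bottom of the diagram.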
Thread overview: 14+ messages
2023-03-15 6:18 [PATCH v2 0/5] md: fix uaf for sync_thread Yu Kuai
2023-03-15 6:18 ` [PATCH v2 1/5] md: pass a md_thread pointer to md_register_thread() Yu Kuai
2023-03-15 6:18 ` [PATCH v2 2/5] md: refactor md_wakeup_thread() Yu Kuai
2023-03-15 6:18 ` [PATCH v2 3/5] md: use md_thread api to wake up sync_thread Yu Kuai
2023-03-15 6:18 ` [PATCH v2 4/5] md: pass a mddev to md_unregister_thread() Yu Kuai
2023-03-15 6:18 ` [PATCH v2 5/5] md: protect md_thread with a new disk level spin lock Yu Kuai
2023-03-15 9:39 ` Guoqing Jiang
2023-03-15 10:02 ` Yu Kuai
2023-03-15 10:39 ` Guoqing Jiang [this message]
2023-03-15 8:30 ` [PATCH v2 0/5] md: fix uaf for sync_thread Paul Menzel
2023-03-15 22:55 ` Logan Gunthorpe
2023-03-16 1:26 ` Yu Kuai
2023-03-28 23:31 ` Song Liu
2023-03-29 1:14 ` Yu Kuai