| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 6 Apr 2018 04:21:46 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: Christoph Hellwig <hch@....de>
Cc: Avi Kivity <avi@...lladb.com>, linux-aio@...ck.org,
linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/6] aio: refactor read/write iocb setup
On Wed, Mar 28, 2018 at 09:26:36AM +0200, Christoph Hellwig wrote:
> + struct inode *inode = file_inode(file);
> +
> req->ki_flags |= IOCB_WRITE;
> file_start_write(file);
> - ret = aio_ret(req, call_write_iter(file, req, &iter));
> + ret = aio_rw_ret(req, call_write_iter(file, req, &iter));
> /*
> - * We release freeze protection in aio_complete(). Fool lockdep
> - * by telling it the lock got released so that it doesn't
> - * complain about held lock when we return to userspace.
> + * We release freeze protection in aio_complete_rw(). Fool
> + * lockdep by telling it the lock got released so that it
> + * doesn't complain about held lock when we return to userspace.
> */
> - if (S_ISREG(file_inode(file)->i_mode))
> - __sb_writers_release(file_inode(file)->i_sb, SB_FREEZE_WRITE);
> + if (S_ISREG(inode->i_mode))
... and that's another use-after-free, since we might've already done fput() of
that sucker by that point.
> + __sb_writers_release(inode->i_sb, SB_FREEZE_WRITE);
Powered by blists - more mailing lists