| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4991497B.4030200@cn.fujitsu.com>
Date: Tue, 10 Feb 2009 17:31:39 +0800
From: Li Zefan <lizf@...fujitsu.com>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: Paul Menage <menage@...gle.com>, Al Viro <viro@...IV.linux.org.uk>,
LKML <linux-kernel@...r.kernel.org>,
Linux Containers <containers@...ts.linux-foundation.org>
Subject: [PATCH] cgroups: fix possible use after free
In cgroup_kill_sb(), root is freed before sb is detached from the list,
so another sget() may find this sb and call cgroup_test_super(),
which will access the root that has been freed.
Reported-by: Al Viro <viro@...IV.linux.org.uk>
Signed-off-by: Li Zefan <lizf@...fujitsu.com>
---
kernel/cgroup.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 5a54ff4..42fd3f2 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1122,8 +1122,8 @@ static void cgroup_kill_sb(struct super_block *sb) {
mutex_unlock(&cgroup_mutex);
- kfree(root);
kill_litter_super(sb);
+ kfree(root);
}
static struct file_system_type cgroup_fs_type = {
--
1.5.4.rc3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists