| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Oct 2009 12:00:08 -0700 (PDT)
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Jens Axboe <jens.axboe@...cle.com>
cc: Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] block fixes for 2.6.32-rc
On Wed, 28 Oct 2009, Jens Axboe wrote:
>
> Neil Brown (1):
> block: use after free bug in __blkdev_get
>
> diff --git a/fs/block_dev.c b/fs/block_dev.c
> index 9cf4b92..8bed055 100644
> --- a/fs/block_dev.c
> +++ b/fs/block_dev.c
> @@ -1248,8 +1248,8 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part)
> bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9);
> }
> } else {
> - put_disk(disk);
> module_put(disk->fops->owner);
> + put_disk(disk);
> disk = NULL;
> if (bdev->bd_contains == bdev) {
> if (bdev->bd_disk->fops->open) {
Is this really right? You do the module-put while the disk is still
available..
I get the feeling that it might have been better to do
struct module *mod = disk->fops->owner;
put_disk(disk);
module_put(mod);
instead, which tries to make sure that the module is put only after we've
gotten rid of the disk entirely.
But I dunno. Maybe there is some reason why it's safe either way. You're
sure the kobject_put() in put_disk will never call to the module?
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists