lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Jan 2012 19:53:07 +0100 From: Dirk Gouders <gouders@...bocholt.fh-gelsenkirchen.de> To: Tejun Heo <tj@...nel.org> Cc: Vivek Goyal <vgoyal@...hat.com>, Suresh Jayaraman <sjayaraman@...e.com>, LKML <linux-kernel@...r.kernel.org>, Jens Axboe <axboe@...nel.dk> Subject: Re: Slab corruption in floppy driver module Tejun Heo <tj@...nel.org> writes: > Hello, > > On Thu, Jan 26, 2012 at 10:04:20AM -0500, Vivek Goyal wrote: >> out_put_disk: >> while (dr--) { >> del_timer_sync(&motor_off_timer[dr]); >> - if (disks[dr]->queue) >> + if (disks[dr]->queue) { >> blk_cleanup_queue(disks[dr]->queue); >> + /* >> + * The request queue reference we took at device >> + * creation time has been put by above >> + * blk_cleanup_queue(). We have not called add_disk() >> + * yet and due to failure calling put_disk(). Put disk >> + * will try to put a reference to disk->queue which is >> + * taken in add_disk(). As we have not taken that >> + * extra reference, putting extra reference down >> + * will try to access already freed queue. Clear >> + * disk->queue before calling put_disk(). >> + */ >> + disks[dr]->queue = NULL; > > Yeah, this looks correct to me. It might be better to tone down the > comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't > paired with add_disk() and will put one extra time? I tested the patch on my machine without a floppy controller and it no longer produces traces, just "floppy0: no floppy controllers found" Dirk -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists