| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50ADFEC2.8040100@kernel.dk> Date: Thu, 22 Nov 2012 11:30:26 +0100 From: Jens Axboe <axboe@...nel.dk> To: Roland Dreier <roland@...nel.org> CC: linux-kernel@...r.kernel.org Subject: Re: [PATCH] block: Don't access request after it might be freed On 2012-11-22 11:00, Roland Dreier wrote: > From: Roland Dreier <roland@...estorage.com> > > After we've done __elv_add_request() and __blk_run_queue() in > blk_execute_rq_nowait(), the request might finish and be freed > immediately. Therefore checking if the type is REQ_TYPE_PM_RESUME > isn't safe afterwards, because if it isn't, rq might be gone. > Instead, check beforehand and stash the result in a temporary. > > This fixes crashes in blk_execute_rq_nowait() I get occasionally when > running with lots of memory debugging options enabled -- I think this > race is usually harmless because the window for rq to be reallocated > is so small. Thanks Roland, that's obviously a bug, not safe to touch the request even after insertion, let alone running the queue. Applied. -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists