| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200724013811.106825-1-yuchao0@huawei.com>
Date: Fri, 24 Jul 2020 09:38:11 +0800
From: Chao Yu <yuchao0@...wei.com>
To: <jaegeuk@...nel.org>
CC: <linux-f2fs-devel@...ts.sourceforge.net>,
<linux-kernel@...r.kernel.org>, <chao@...nel.org>,
Li Guifu <bluce.liguifu@...wei.com>,
Chao Yu <yuchao0@...wei.com>
Subject: [PATCH v2] f2fs: fix use-after-free issue
From: Li Guifu <bluce.liguifu@...wei.com>
During umount, f2fs_put_super() unregisters procfs entries after
f2fs_destroy_segment_manager(), it may cause use-after-free
issue when umount races with procfs accessing, fix it by relocating
f2fs_unregister_sysfs().
[Chao Yu: change commit title/message a bit]
Signed-off-by: Li Guifu <bluce.liguifu@...wei.com>
Reviewed-by: Chao Yu <yuchao0@...wei.com>
---
v2:
- fix typo in commit message.
- improve comment in f2fs_put_super() a bit.
fs/f2fs/super.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 80cb7cd358f8..5e0a3eeb8ca4 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1175,6 +1175,9 @@ static void f2fs_put_super(struct super_block *sb)
int i;
bool dropped;
+ /* unregister procfs/sysfs entries in advance to avoid race case */
+ f2fs_unregister_sysfs(sbi);
+
f2fs_quota_off_umount(sb);
/* prevent remaining shrinker jobs */
@@ -1240,8 +1243,6 @@ static void f2fs_put_super(struct super_block *sb)
kvfree(sbi->ckpt);
- f2fs_unregister_sysfs(sbi);
-
sb->s_fs_info = NULL;
if (sbi->s_chksum_driver)
crypto_free_shash(sbi->s_chksum_driver);
--
2.26.2
Powered by blists - more mailing lists