| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Mar 2021 08:18:01 +0100
From: Christoph Hellwig <hch@....de>
To: syzbot <syzbot+8fede7e30c7cee0de139@...kaller.appspotmail.com>
Cc: axboe@...nel.dk, hch@....de, linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
tj@...nel.org
Subject: Re: [syzbot] KASAN: use-after-free Read in disk_part_iter_next (2)
I've been running the reproducer on a KASAN enable VM for about
15 minutes now, but haven't been able to reproduce it.
Is there a way to inject this proposed fix into the syzbot queue?
diff --git a/block/partitions/core.c b/block/partitions/core.c
index 1a7558917c47d6..f5d5872b89d57e 100644
--- a/block/partitions/core.c
+++ b/block/partitions/core.c
@@ -288,15 +288,12 @@ struct device_type part_type = {
void delete_partition(struct block_device *part)
{
xa_erase(&part->bd_disk->part_tbl, part->bd_partno);
- kobject_put(part->bd_holder_dir);
- device_del(&part->bd_device);
-
- /*
- * Remove the block device from the inode hash, so that it cannot be
- * looked up any more even when openers still hold references.
- */
remove_inode_hash(part->bd_inode);
+ synchronize_rcu();
+
+ kobject_put(part->bd_holder_dir);
+ device_del(&part->bd_device);
put_device(&part->bd_device);
}
Powered by blists - more mailing lists