| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Aug 2022 11:34:59 +0800 From: "zhangwensheng (E)" <zhangwensheng@...weicloud.com> To: lee.jones@...aro.org Cc: linux-kernel@...r.kernel.org, linux-block@...r.kernel.org Subject: Question: consult patch Hi Lee : I saw your patch because of CVE-2022-20158, the patch like below: --- mm: backing-dev: Take a reference to the bdi in use to prevent UAF KASAN reports a reproducible issue in the BDI handling code due to a dereference of a previously freed pointer to 'struct backing_dev_info' in bdi_unregister(). Because of a distinct lack of locking and/or reference taking, blk_cleanup_queue() puts the final taken reference to the bdi, which is then promptly freed by release_bdi(). However, del_gendisk() calls bdi_unregister() after the fact, which then attempts to dereference it causing the kernel to panic. Bug: 182815710 Signed-off-by: Lee Jones <lee.jones@...aro.org> Change-Id: Iaf3dadf3b983a4b7d74d4e273fc676350cfc387f --- I am sorry that I have some questions for this patch. According to my analysis, I failed to find the relevant process may lead to null pointer reference. can you show me "KASAN reports a reproducible issue" that what the problem is? thank you very much!
Powered by blists - more mailing lists