lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Dec 2022 10:50:58 +0800 From: Ming Lei <ming.lei@...hat.com> To: Jens Axboe <axboe@...nel.dk>, Tejun Heo <tj@...nel.org> Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org, Zhong Jinghua <zhongjinghua@...wei.com>, Yu Kuai <yukuai3@...wei.com>, Dennis Zhou <dennis@...nel.org>, Ming Lei <ming.lei@...hat.com> Subject: [PATCH 0/3] lib/percpu-refcount: fix use-after-free by late ->release Hi, The pattern of wait_event(percpu_ref_is_zero()) may cause percpu_ref_exit() to be called before ->release() is done, so user-after-free may be caused, fix the issue by draining ->release() in percpu_ref_exit(). Ming Lei (3): lib/percpu-refcount: support to exit refcount automatically during releasing lib/percpu-refcount: apply PERCPU_REF_AUTO_EXIT lib/percpu-refcount: drain ->release() in perpcu_ref_exit() drivers/infiniband/ulp/rtrs/rtrs-srv.c | 4 +-- include/linux/percpu-refcount.h | 36 ++++++++++++++++++++++++-- lib/percpu-refcount.c | 31 +++++++++++++++++++--- mm/memcontrol.c | 5 ++-- 4 files changed, 66 insertions(+), 10 deletions(-) -- 2.38.1
Powered by blists - more mailing lists