| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230221082905.3389012-1-yukuai1@huaweicloud.com>
Date: Tue, 21 Feb 2023 16:29:05 +0800
From: Yu Kuai <yukuai1@...weicloud.com>
To: jack@...e.cz, axboe@...nel.dk, paolo.valente@...aro.org,
damien.lemoal@...nsource.wdc.com
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
yukuai3@...wei.com, yukuai1@...weicloud.com, yi.zhang@...wei.com,
yangerkun@...wei.com
Subject: [PATCH] block, bfq: free 'sync_bfqq' after bic_set_bfqq() in bfq_sync_bfqq_move()
From: Yu Kuai <yukuai3@...wei.com>
As explained in commit b600de2d7d3a ("block, bfq: fix uaf for bfqq in
bic_set_bfqq()"), bfqq should not be freed before bic_set_bfqq().
However, this is broken while merging commit 9778369a2d6c ("block, bfq:
split sync bfq_queues on a per-actuator basis") from branch
for-6.3/block.
Fixes: 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis")
Signed-off-by: Yu Kuai <yukuai3@...wei.com>
---
block/bfq-cgroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c
index ea3638e06e04..89ffb3aa992c 100644
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -746,8 +746,8 @@ static void bfq_sync_bfqq_move(struct bfq_data *bfqd,
* old cgroup.
*/
bfq_put_cooperator(sync_bfqq);
- bfq_release_process_ref(bfqd, sync_bfqq);
bic_set_bfqq(bic, NULL, true, act_idx);
+ bfq_release_process_ref(bfqd, sync_bfqq);
}
}
--
2.31.1
Powered by blists - more mailing lists