lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAFj5m9JW9apD56=9m2jrr7Bza_L7+DfbeP6tMZhmWjyvRuL7ow@mail.gmail.com>
Date: Tue, 23 Sep 2025 16:57:50 +0800
From: Ming Lei <ming.lei@...hat.com>
To: Yu Kuai <yukuai1@...weicloud.com>
Cc: axboe@...nel.dk, martin.petersen@...cle.com, hare@...e.de, 
	linux-block@...r.kernel.org, linux-kernel@...r.kernel.org, yukuai3@...wei.com, 
	yi.zhang@...wei.com, yangerkun@...wei.com, johnny.chenyi@...wei.com
Subject: Re: [PATCH] blk-mq: fix null-ptr-deref in blk_mq_free_tags() from
 error path

On Tue, Sep 23, 2025 at 3:11 PM Yu Kuai <yukuai1@...weicloud.com> wrote:
>
> From: Yu Kuai <yukuai3@...wei.com>
>
> blk_mq_free_tags() can be called after blk_mq_init_tags(), while
> tags->page_list is still not initialized, causing null-ptr-deref.
>
> Fix this problem by initializing tags->page_list at blk_mq_init_tags(),
> meanwhile, also free tags directly from error path because there is no
> srcu barrier.
>
> Fixes: ad0d05dbddc1 ("blk-mq: Defer freeing of tags page_list to SRCU callback")
> Reported-by: syzbot+5c5d41e80248d610221f@...kaller.appspotmail.com
> Closes: https://lore.kernel.org/all/68d1b079.a70a0220.1b52b.0000.GAE@google.com/
> Signed-off-by: Yu Kuai <yukuai3@...wei.com>

Reviewed-by: Ming Lei <ming.lei@...hat.com>

Thanks,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ