| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <22046287-0a36-45ac-bc17-b41636076552@fnnas.com> Date: Fri, 9 Jan 2026 14:43:39 +0800 From: "Yu Kuai" <yukuai@...as.com> To: "Zheng Qixing" <zhengqixing@...weicloud.com> Cc: <hch@...radead.org>, <cgroups@...r.kernel.org>, <linux-block@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <yi.zhang@...wei.com>, <yangerkun@...wei.com>, <houtao1@...wei.com>, <tj@...nel.org>, <josef@...icpanda.com>, <axboe@...nel.dk>, <zhengqixing@...wei.com>, <yukuai@...as.com> Subject: Re: [PATCH 2/3] blk-cgroup: fix uaf in blkcg_activate_policy() racing with blkg_free_workfn() Hi, 在 2026/1/9 14:22, Zheng Qixing 写道: > I tried adding blkcg_mutex protection in blkcg_activate_policy() and > blkg_destroy_all() as suggested. > > Unfortunately, the UAF still occurs even with proper mutex protection. > > The mutex successfully protects the list structure during traversal > won't be added/removed from > > q->blkg_list while we hold the lock. However, this doesn't prevent the > same blkg from being released > > twice. I don't understand, what I suggested should actually include your changes in this patch. Can you show your changes and make sure blkcg_policy_teardown_pds() inside blkcg_activate_policy() is also protected. -- Thansk, Kuai
Powered by blists - more mailing lists