On Thu, Mar 09 2023 at 9:42P -0500, Dan Carpenter <error27@xxxxxxxxx> wrote: > On Thu, Mar 09, 2023 at 05:35:20PM +0300, Dan Carpenter wrote: > > --> 2758 if (test_bit(DM_CRYPT_NO_READ_WORKQUEUE, &cc->flags) || > > ^^^^^^^^^ > > 2759 test_bit(DM_CRYPT_NO_WRITE_WORKQUEUE, &cc->flags)) > > ^^^^^^^^^ > > UAF. This wasn't tested, right? If this passes testing then it means > > kfree_sensitive() is broken. (Normally UAF bugs can only be detected > > with KASan, but kfree_sensitive() should poison the data I thought). > > > > Nope. This is thing where you need KASan to detect the bug. I'm wrong > and continually demonstrate how even twenty years in to it I still don't > understand pointers. Thanks for the report, really appreciate it. Sorry for the oversight (and lack of testing). But we decided to fix a different way and linux-next was updated accordingly, I just tweaked it but here is the final: https://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=d9a02e016aaf5a57fb44e9a5e6da8ccd3b9e2e70 Mike -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
