Re: [PATCH] block: fix use-after-free of q->q_usage_counter

On Thu, 15 Dec 2022 10:16:29 +0800, Ming Lei wrote:
> For blk-mq, queue release handler is usually called into after
> blk_mq_freeze_queue_wait() returns. However, q_usage_counter->release()
> handler may not be started yet at that time, so cause use-after-free.
> 
> Fix the issue by moving percpu_ref_exit() into blk_free_queue_rcu()
> since ->release() is called with rcu read lock held, since it is
> concluded that the race should be covered in caller per discussion
> from the two links.
> 
> [...]

Applied, thanks!

[1/1] block: fix use-after-free of q->q_usage_counter
      commit: d36a9ea5e7766961e753ee38d4c331bbe6ef659b

Best regards,
-- 
Jens Axboe




