On 2021/03/11 21:57, Greg KH wrote:
> On Thu, Mar 11, 2021 at 09:34:38PM +0900, Tetsuo Handa wrote:
>> On 2021/03/11 3:33, Greg KH wrote:
>>> On Sun, Mar 07, 2021 at 08:53:25PM -0700, Shuah Khan wrote:
>>>> This patch series fixes the following problems found in syzbot
>>>> fuzzing.
>>>
>>> Thanks for these, all now queued up.
>>
>> I send SIGSTOP to
>>
>> [PATCH 4/6] usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
>> [PATCH 5/6] usbip: fix vhci_hcd attach_store() races leading to gpf
>> [PATCH 6/6] usbip: fix vudc usbip_sockfd_store races leading to gpf
>>
>> because these patches merely converted a NULL pointer dereference bug to a use-after-free bug
>> by breaking kthread_get_run() into kthread_create()/get_task_struct()/wake_up_process().
>
> I'll take follow-on patches to fix that other issue, if it's proven to
> be valid. It's nice to fix up NULL dereference issues as soon as
> possible :)

Not an "other issue". Shuah's [PATCH 4,5,6/6] is failing to fix the NULL pointer dereference issue.
These patches simply replace the NULL pointer dereference issue (caused by preemption) with a
use-after-free issue (caused by exactly the same preemption).

Shuah has to understand the consequence of calling wake_up_process() on the rx thread in order to
fix this NULL pointer dereference issue. The only fix we can safely apply now is
https://lkml.kernel.org/r/20210205135707.4574-1-penguin-kernel@xxxxxxxxxxxxxxxxxxx .

Since I and Shuah agreed that we will remove kthread_get_run(), it is nice to fix up the
frequently happening -EINTR pointer dereference issue as soon as possible.