[PATCH BUGFIX 0/2] block, bfq: fix user after free

From: Paolo Valente
Date: Wed Aug 07 2019 - 10:18:11 EST

Next message: Paolo Valente: "[PATCH BUGFIX 1/2] block, bfq: reset last_completed_rq_bfqq if the pointed queue is freed"
Previous message: Denis Efremov: "Re: Merge branch 'floppy'"
Next in thread: Paolo Valente: "[PATCH BUGFIX 1/2] block, bfq: reset last_completed_rq_bfqq if the pointed queue is freed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jens,
this series contains a pair of fixes for the UAF reported in
[1]. These patches are the result of the testing described in this
Chrome OS issue [2] since Comment 57.

Thanks,
Paolo

[1] https://lkml.org/lkml/2019/7/27/254
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=931295#c57

Paolo Valente (2):
block, bfq: reset last_completed_rq_bfqq if the pointed queue is freed
block, bfq: move update of waker and woken list to queue freeing

block/bfq-iosched.c | 54 ++++++++++++++++++++++++++++++---------------
1 file changed, 36 insertions(+), 18 deletions(-)

--
2.20.1

Next message: Paolo Valente: "[PATCH BUGFIX 1/2] block, bfq: reset last_completed_rq_bfqq if the pointed queue is freed"
Previous message: Denis Efremov: "Re: Merge branch 'floppy'"
Next in thread: Paolo Valente: "[PATCH BUGFIX 1/2] block, bfq: reset last_completed_rq_bfqq if the pointed queue is freed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]