Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

From: Dan Carpenter
Date: Fri Jun 05 2020 - 14:11:19 EST

Next message: Scott Branden: "Re: [PATCH 0/3] fs: reduce export usage of kerne_read*() calls"
Previous message: Nicolas Saenz Julienne: "Re: [PATCH v3 004/105] clk: bcm: Add BCM2711 DVP driver"
In reply to: Jan Kara: "Re: [PATCH v2] block: Fix use-after-free in blkdev_get()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 05, 2020 at 04:42:36PM +0200, Jan Kara wrote:
> On Fri 05-06-20 12:43:54, Dan Carpenter wrote:
> > I wonder if maybe the best fix is to re-add the "if (!res) " check back
> > to blkdev_get().
>
> Well, it won't be that simple since we need to call bd_abort_claiming()
> under bdev->bd_mutex. And the fact that __blkdev_get() frees the reference
> you pass to it is somewhat subtle and surprising so I think we are better
> off getting rid of that.

Fair enough.

Jason Yan sent a v3 of this patch that frees "whole". I've looked it
over pretty close and I think it's probably correct.

(not that my opinion should count for much because I don't know this
code very well at all).

regards,
dan carpenter

Next message: Scott Branden: "Re: [PATCH 0/3] fs: reduce export usage of kerne_read*() calls"
Previous message: Nicolas Saenz Julienne: "Re: [PATCH v3 004/105] clk: bcm: Add BCM2711 DVP driver"
In reply to: Jan Kara: "Re: [PATCH v2] block: Fix use-after-free in blkdev_get()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]