Re: [PATCH] netfs: Fix UAF in netfs_unbuffered_write() on failed preparation

[David Howells]

hongao <hongao@xxxxxxxxxxxxx> wrote:

>  		/* Check if (re-)preparation failed. */
>  		if (unlikely(test_bit(NETFS_SREQ_FAILED, &subreq->flags))) {
> -			netfs_write_subrequest_terminated(subreq, subreq->error);
> -			wreq->error = subreq->error;
> +			ret = subreq->error;
> +			wreq->error = ret;
> +			netfs_write_subrequest_terminated(subreq, ret);
>  			break;
>  		}

This shouldn't be effective as all netfs_write_subrequest_terminated() will do
is pass control of the subreq struct back to the app thread.

David