From: Jan Kara <jack@suse.cz>
To: Bart Van Assche <bvanassche@acm.org>
Cc: Yufen Yu <yuyufen@huawei.com>,
axboe@kernel.dk, jack@suse.cz, viro@zeniv.linux.org.uk,
bart.vanassche@wdc.com, linux-block@vger.kernel.org
Subject: Re: [PATCH v3] block: fix use-after-free on gendisk
Date: Mon, 15 Apr 2019 18:01:30 +0200
Message-ID: <20190415160130.GG13684@quack2.suse.cz>
In-Reply-To: <1555343795.161891.103.camel@acm.org>

On Mon 15-04-19 08:56:35, Bart Van Assche wrote:
> On Tue, 2019-04-02 at 20:06 +0800, Yufen Yu wrote:
> > diff --git a/block/genhd.c b/block/genhd.c
> > index 961b2bc4634f..a4ef0068dbb2 100644
> > --- a/block/genhd.c
> > +++ b/block/genhd.c
> > @@ -529,6 +529,18 @@ void blk_free_devt(dev_t devt)
> > }
> > }
> >
> > +/**
> > + * We invalidate devt by assigning NULL pointer for devt in idr.
> > + */
> > +void blk_invalidate_devt(dev_t devt)
> > +{
> > + if (MAJOR(devt) == BLOCK_EXT_MAJOR) {
> > + spin_lock_bh(&ext_devt_lock);
> > + idr_replace(&ext_devt_idr, NULL, blk_mangle_minor(MINOR(devt)));
> > + spin_unlock_bh(&ext_devt_lock);
> > + }
> > +}
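Review bot: the comment above blk_invalidate_devt() opens with /** but is not in kernel-doc form (no "blk_invalidate_devt - ..." summary line, no @devt description), and it does not say how this helper differs from blk_free_devt(). The distinguishing call is idr_replace(&ext_devt_idr, NULL, ...), which leaves the minor allocated in ext_devt_idr while lookups get NULL. Please say that in the comment, and either complete the kernel-doc header or switch to a plain /* comment. The return value of idr_replace() is also ignored; if that is intentional, a short remark in the comment would help.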
>
> Did you perhaps copy the above code from blk_free_devt()? If so, please
> modify blk_free_devt() such that it calls blk_invalidate_devt() instead
> of introducing a copy of most of blk_free_devt().

I guess you've misread the patch. blk_free_devt() does idr_remove(). Here
we do idr_replace(). Subtle difference but an important one!

Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR