From: Jens Axboe <axboe@kernel.dk>
To: Ming Lei <tom.leiming@gmail.com>, linux-kernel@vger.kernel.org
Cc: Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH] block: null_blk: fix use after free
Date: Thu, 01 May 2014 09:17:23 -0600 [thread overview]
Message-ID: <53626583.5030604@kernel.dk> (raw)
In-Reply-To: <1398928356-24390-1-git-send-email-tom.leiming@gmail.com>
On 05/01/2014 01:12 AM, Ming Lei wrote:
> entry(cmd->ll_list) may belong to new request once end_cmd()
> returns, so fix the bug with the patch.
>
> Without the change, it is easy to observe oops when
> doing null_blk(timer) test.
>
> Signed-off-by: Ming Lei <tom.leiming@gmail.com>
> ---
> drivers/block/null_blk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/block/null_blk.c b/drivers/block/null_blk.c
> index 8e7e3a0..e932398 100644
> --- a/drivers/block/null_blk.c
> +++ b/drivers/block/null_blk.c
> @@ -203,8 +203,8 @@ static enum hrtimer_restart null_cmd_timer_expired(struct hrtimer *timer)
> entry = llist_reverse_order(entry);
> do {
> cmd = container_of(entry, struct nullb_cmd, ll_list);
> - end_cmd(cmd);
> entry = entry->next;
> + end_cmd(cmd);
> } while (entry);
> }
Good catch, applied.
--
Jens Axboe
prev parent reply other threads:[~2014-05-01 15:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-01 7:12 [PATCH] block: null_blk: fix use after free Ming Lei
2014-05-01 15:17 ` Jens Axboe [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53626583.5030604@kernel.dk \
--to=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=tom.leiming@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.