From: Christoph Hellwig <hch@lst.de>
To: Yu Kuai <yukuai1@huaweicloud.com>
Cc: Christoph Hellwig <hch@lst.de>,
axboe@kernel.dk, willy@infradead.org, kch@nvidia.com,
martin.petersen@oracle.com, johannes.thumshirn@wdc.com,
ming.lei@redhat.com, linux-block@vger.kernel.org,
linux-kernel@vger.kernel.org, yi.zhang@huawei.com,
"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [PATCH -nect RFC v2 0/2] block: fix uaf in bd_link_disk_holder()
Date: Sun, 30 Oct 2022 16:30:40 +0100 [thread overview]
Message-ID: <20221030153040.GB9676@lst.de> (raw)
In-Reply-To: <0ad09045-1012-e86b-41f2-a88d02e8f1ed@huaweicloud.com>
On Fri, Oct 21, 2022 at 11:15:34AM +0800, Yu Kuai wrote:
> Hi,
>
> 在 2022/10/21 0:47, Christoph Hellwig 写道:
>> As mentioned before I don't think we should make this even more
>> crufty in the block layer. See the series I just sent to move it int
>> dm.
>
> It seems we had some misunderstanding, the problem I tried to fix here
> should not just related to dm, but all the caller of
> bd_link_disk_holder().
As far as I can tell the problem was just that patch 1 in my series blows
away the bd_holder_dir pointer in part0 on del_gendisk. Each holder
actually holds a reference to the kobject, so the memory for it is
still valid, it's just that the pointer got cleared. I'll send a v2
in a bit.
next prev parent reply other threads:[~2022-10-30 15:30 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-20 13:20 [PATCH -nect RFC v2 0/2] block: fix uaf in bd_link_disk_holder() Yu Kuai
2022-10-20 13:20 ` [PATCH -nect RFC v2 1/2] block: add helpers for bd_holder_dir refcount management Yu Kuai
2022-10-20 13:20 ` [PATCH -nect RFC v2 2/2] block: fix uaf for bd_holder_dir Yu Kuai
2022-10-20 16:47 ` [PATCH -nect RFC v2 0/2] block: fix uaf in bd_link_disk_holder() Christoph Hellwig
2022-10-21 3:15 ` Yu Kuai
2022-10-26 11:16 ` Yu Kuai
2022-10-30 15:30 ` Christoph Hellwig [this message]
2022-10-31 1:08 ` Yu Kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221030153040.GB9676@lst.de \
--to=hch@lst.de \
--cc=axboe@kernel.dk \
--cc=johannes.thumshirn@wdc.com \
--cc=kch@nvidia.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=ming.lei@redhat.com \
--cc=willy@infradead.org \
--cc=yi.zhang@huawei.com \
--cc=yukuai1@huaweicloud.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox