From: Jens Axboe <axboe@kernel.dk>
To: Jan Kara <jack@suse.cz>, Yu Kuai <yukuai1@huaweicloud.com>
Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
yi.zhang@huawei.com, yangerkun@huawei.com,
"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [PATCH] block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
Date: Thu, 9 Jan 2025 06:52:19 -0700
Message-ID: <89f3fc0e-ea04-4b29-a79e-5d2f2ef7af6a@kernel.dk>
In-Reply-To: <syxzk4eauh3zzs37y6eirzlblp5lin6wyrpanw2mleliyj6cnr@2y3a7hrnet2o>

On 1/9/25 1:50 AM, Jan Kara wrote:
> On Thu 09-01-25 09:32:08, Yu Kuai wrote:
>> Hi,
>>
>> On 2025/01/08 22:42, Jan Kara wrote:
>>>
>>>
>>>> */
>>>> if (bfqq_process_refs(waker_bfqq) == 1)
>>>> return NULL;
>>>> - break;
>>>> +
>>>> + return waker_bfqq;
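
Review bot: the new `return waker_bfqq;` is reached for every `bfqq_process_refs(waker_bfqq)` value other than 1, including 0, and nothing in the hunk says why 0 cannot occur at this point. Given that the subject of the patch is a use-after-free on waker_bfqq, either extend the comment above the check to state why waker_bfqq must still hold a process reference here, or make the check defensive, for example `if (bfqq_process_refs(waker_bfqq) <= 1)`.
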
>>>
>>> So how do you know bfqq_process_refs(waker_bfqq) is not 0 in this case?
>>
>> Because in this case, waker_bfqq is in the merge chain of bfqq, and bfqq
>> is obtained from the current process, which means waker_bfqq should have
>> at least one process reference that is from current thread.
>
> Ah, right. Thanks for the explanation. Except for the typo, the patch looks
> good to me. Feel free to add:
>
> Reviewed-by: Jan Kara <jack@suse.cz>
>
> (although I can see Jens has already picked up the patch so probably this
> is immaterial).

Still useful! The patch has a link to this thread, so it's still
connected even if the commit itself isn't updated. Though with the typo
in process, I'm kind of pondering just amending the commit and then I'll
add your reviewed-by as well. But usually I don't, but still appreciate
reviews after it's been queued.
--
Jens Axboe