From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-it0-f52.google.com ([209.85.214.52]:36771 "EHLO
	mail-it0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752743AbcGAOj4 (ORCPT
	<rfc822;stable@vger.kernel.org>); Fri, 1 Jul 2016 10:39:56 -0400
Received: by mail-it0-f52.google.com with SMTP id a5so19780684ita.1
        for <stable@vger.kernel.org>; Fri, 01 Jul 2016 07:39:54 -0700 (PDT)
Subject: Re: [PATCH] block: fix use-after-free in sys_ioprio_get()
To: Omar Sandoval <osandov@osandov.com>, Jens Axboe <axboe@fb.com>
References: <fa9c9a3ee7355f932d4f40322602aae5fb293f97.1467358615.git.osandov@fb.com>
Cc: Dmitry Vyukov <dvyukov@google.com>, linux-block@vger.kernel.org,
	kernel-team@fb.com, stable@vger.kernel.org
From: Jens Axboe <axboe@kernel.dk>
Message-ID: <577680B8.4020003@kernel.dk>
Date: Fri, 1 Jul 2016 08:39:52 -0600
MIME-Version: 1.0
In-Reply-To: <fa9c9a3ee7355f932d4f40322602aae5fb293f97.1467358615.git.osandov@fb.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On 07/01/2016 01:39 AM, Omar Sandoval wrote:
> From: Omar Sandoval <osandov@fb.com>
>
> get_task_ioprio() accesses the task->io_context without holding the task
> lock and thus can race with exit_io_context(), leading to a
> use-after-free. The reproducer below hits this within a few seconds on
> my 4-core QEMU VM:

Thanks Omar, applied for this series.

-- 
Jens Axboe