On 06/09/2015 03:28 AM, Ming Lei wrote:
Hi Jens,
Could you consider this patch for v4.1?
http://marc.info/?l=linux-kernel&m=143342792910832&w=2
The issue is one obvious use-after-free and can be reproduced easily
via 'sudo modprobe loop;sleep 1;sudo rmmod loop' on Linus' tree:
http://kernel.ubuntu.com/~ming/block/bug/4.1-rc
Now blk_cleanup_queue() can be called before calling
del_gendisk()[1], inside which hctx->ctxs is touched
from blk_mq_unregister_hctx(), but the variable has
been freed by blk_cleanup_queue() at that time.
So this patch moves freeing of hctx->ctxs into queue's
release handler for fixing the oops r