linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 02:20:40 +00:00

History

Yu Kuai f1c006f1c6 blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy() Currently parent pd can be freed before child pd: t1: remove cgroup C1 blkcg_destroy_blkgs blkg_destroy list_del_init(&blkg->q_node) // remove blkg from queue list percpu_ref_kill(&blkg->refcnt) blkg_release call_rcu t2: from t1 __blkg_release blkg_free schedule_work t4: deactivate policy blkcg_deactivate_policy pd_free_fn // parent of C1 is freed first t3: from t2 blkg_free_workfn pd_free_fn If policy(for example, ioc_timer_fn() from iocost) access parent pd from child pd after pd_offline_fn(), then UAF can be triggered. Fix the problem by delaying 'list_del_init(&blkg->q_node)' from blkg_destroy() to blkg_free_workfn(), and using a new disk level mutex to synchronize blkg_free_workfn() and blkcg_deactivate_policy(). Signed-off-by: Yu Kuai <yukuai3@huawei.com> Acked-by: Tejun Heo <tj@kernel.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20230119110350.2287325-4-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe@kernel.dk>		2023-01-29 15:19:04 -07:00
..
acpi	ACPI: Fix selecting wrong ACPI fwnode for the iGPU on some Dell laptops	2023-01-10 20:23:48 +01:00
asm-generic	arch: fix broken BuildID for arm64 and riscv	2022-12-30 17:21:51 +09:00
clocksource	Updates for timers, timekeeping and drivers:	2022-12-12 12:52:02 -08:00
crypto
drm	drm/fb-helper: Use a per-driver FB deferred I/O handler	2023-01-24 11:13:08 +01:00
dt-bindings	remoteproc updates for v6.2	2022-12-21 09:37:14 -08:00
keys
kunit	kunit: add macro to allow conditionally exposing static symbols to tests	2022-12-12 14:13:48 -07:00
kvm
linux	blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()	2023-01-29 15:19:04 -07:00
math-emu
media
memory
misc
net	net: mana: Fix IRQ name - add PCI and queue number	2023-01-20 18:17:17 -08:00
pcmcia
ras
rdma
rv
scsi	scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress	2023-01-18 19:14:56 -05:00
soc	firmware: raspberrypi: Fix type assignment	2023-01-10 13:44:04 -08:00
sound
target
trace	rxrpc: Move client call connection to the I/O thread	2023-01-06 09:43:33 +00:00
uapi	ublk_drv: add mechanism for supporting unprivileged ublk device	2023-01-29 15:18:34 -07:00
ufs	scsi: ufs: core: Fix devfreq deadlocks	2023-01-18 19:08:37 -05:00
vdso
video	fbdev: omapfb: connector-analog-tv: remove support for platform data	2022-12-14 20:01:49 +01:00
xen	xen: make remove callback of xen driver void returned	2022-12-15 16:06:10 +01:00