[BUGFIX,0/2] block, bfq: fix user after free

Message ID 20190807141754.3567-1-paolo.valente@linaro.org

Message

Paolo Valente Aug. 7, 2019, 2:17 p.m. UTC
Hi Jens,
this series contains a pair of fixes for the UAF reported in
[1]. These patches are the result of the testing described in this
Chrome OS issue [2] since Comment 57.

Thanks,
Paolo

[1] https://lkml.org/lkml/2019/7/27/254
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=931295#c57


Paolo Valente (2):
  block, bfq: reset last_completed_rq_bfqq if the pointed queue is freed
  block, bfq: move update of waker and woken list to queue freeing

 block/bfq-iosched.c | 54 ++++++++++++++++++++++++++++++---------------
 1 file changed, 36 insertions(+), 18 deletions(-)

--
2.20.1

Comments

Jens Axboe Aug. 8, 2019, 1:31 p.m. UTC | #1
On 8/7/19 7:17 AM, Paolo Valente wrote:
> Hi Jens,
> this series contains a pair of fixes for the UAF reported in
> [1]. These patches are the result of the testing described in this
> Chrome OS issue [2] since Comment 57.

Applied, thanks.

-- 
Jens Axboe

Pavel Machek Aug. 13, 2019, 11:14 a.m. UTC | #2
Hi!

> this series contains a pair of fixes for the UAF reported in
> [1]. These patches are the result of the testing described in this
> Chrome OS issue [2] since Comment 57.

This seems to have solved crashes with chromium on x220 from
"v5.3-rc2: crashes and scrolling in web browser now has audio
feedback" thread.

Best regards,
							Pavel

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany