Re: [PATH v2] scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach

From: yebin
Date: Wed Jul 28 2021 - 10:24:13 EST

Next message: Dmitry Baryshkov: "[PATCH v2 0/5] PM: add two devres helpers and use them in qcom cc"
Previous message: Kefeng Wang: "Re: [PATCH] mm/memcg: fix NULL pointer dereference in memcg_slab_free_hook()"
Next in thread: Bart Van Assche: "Re: [PATH v2] scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2021/7/23 12:04, Bart Van Assche wrote:

On 1/12/21 10:31 PM, Ye Bin wrote:

sdev->handler_data = NULL;
+ synchronize_rcu();
kfree(h);

What is the purpose of the new synchronize_rcu() call?

Thanks for your reply.
Yes, I add new synchronize_rcu() call is to wait until *h is no longer in use. If free
"h" right now , mybe lead to UAF.

If its purpose is
to wait until *h is no longer in use, please use kfree_rcu() instead.

struct rdac_dh_data {
struct list_head node;
.....
}
As rdac_dh_data.node type is "struct list_head", but kfree_rcu the first parameter type is
"struct rcu_head". So we can only use synchronize_rcu() at here.

Thanks,

Bart.
.

Next message: Dmitry Baryshkov: "[PATCH v2 0/5] PM: add two devres helpers and use them in qcom cc"
Previous message: Kefeng Wang: "Re: [PATCH] mm/memcg: fix NULL pointer dereference in memcg_slab_free_hook()"
Next in thread: Bart Van Assche: "Re: [PATH v2] scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]