Re: [PATCH] block, bfq: fix uaf for bfqq in bic_set_bfqq()

From: Jens Axboe
Date: Sun Jan 29 2023 - 16:51:47 EST

Next message: Steev Klimaszewski: "[PATCH 1/4] dt-bindings: net: Add WCN6855 Bluetooth bindings"
Previous message: Steev Klimaszewski: "[PATCH 0/4] Attempt at adding WCN6855 BT support"
In reply to: Yu Kuai: "Re: [PATCH] block, bfq: fix uaf for bfqq in bic_set_bfqq()"
Next in thread: Yu Kuai: "Re: [PATCH] block, bfq: fix uaf for bfqq in bic_set_bfqq()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/28/23 6:38 PM, Yu Kuai wrote:
> Hi, Jens
>
> 在 2023/01/13 17:44, Yu Kuai 写道:
>> After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"),
>> bic->bfqq will be accessed in bic_set_bfqq(), however, in some context
>> bic->bfqq will be freed first, and bic_set_bfqq() is called with the freed
>> bic->bfqq.
>>
>> Fix the problem by always freeing bfqq after bic_set_bfqq().
>>
>
> Sorry that I send this patch will wrong email, and you might missed this
> patch.
>
> Can you apply this patch? This patch can't be applied directly to lower
> version due to Paolo's patchset, I'll send lts patch seperately.

I'm confused... So this patch only applies to the 6.3 branch, yet we
need it in 6.2 as far as I can tell. Why isn't it against block-6.2
then?

--
Jens Axboe

Next message: Steev Klimaszewski: "[PATCH 1/4] dt-bindings: net: Add WCN6855 Bluetooth bindings"
Previous message: Steev Klimaszewski: "[PATCH 0/4] Attempt at adding WCN6855 BT support"
In reply to: Yu Kuai: "Re: [PATCH] block, bfq: fix uaf for bfqq in bic_set_bfqq()"
Next in thread: Yu Kuai: "Re: [PATCH] block, bfq: fix uaf for bfqq in bic_set_bfqq()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]