summaryrefslogtreecommitdiff
path: root/drivers/acpi
diff options
context:
space:
mode:
authorJosef Bacik <josef@toxicpanda.com>2021-01-25 20:21:02 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-02-04 01:22:20 +0300
commit51359110d9d9b0231dc6a60716895104c73e7770 (patch)
tree1a7ac71947fc7331a850e3ca21493c6b0ab34d79 /drivers/acpi
parent2c8a3fceddf0dd87f278e7a5e01350f86f844b1c (diff)
downloadlinux-51359110d9d9b0231dc6a60716895104c73e7770.tar.xz
nbd: freeze the queue while we're adding connections
commit b98e762e3d71e893b221f871825dc64694cfb258 upstream. When setting up a device, we can krealloc the config->socks array to add new sockets to the configuration. However if we happen to get a IO request in at this point even though we aren't setup we could hit a UAF, as we deref config->socks without any locking, assuming that the configuration was setup already and that ->socks is safe to access it as we have a reference on the configuration. But there's nothing really preventing IO from occurring at this point of the device setup, we don't want to incur the overhead of a lock to access ->socks when it will never change while the device is running. To fix this UAF scenario simply freeze the queue if we are adding sockets. This will protect us from this particular case without adding any additional overhead for the normal running case. Cc: stable@vger.kernel.org Signed-off-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/acpi')
0 files changed, 0 insertions, 0 deletions