| author | Christoph Hellwig <hch@lst.de> | 2021-08-16 15:26:14 +0300 | 
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2021-08-16 19:49:11 +0300 | 
| commit | 889c05cc5834a1eef2dbe1e639cfd7a81c4f4c6d (patch) | |
| tree | 61d680894772d993d79976efa1c593cfdb1c0dff /tools/perf/scripts/python/syscall-counts-by-pid.py | |
| parent | 9451aa0aacaf7ea13d1acfd5de8b63a6e0b24fac (diff) | |
block: ensure the bdi is freed after inode_detach_wb

inode_detach_wb references the "main" bdi of the inode.  With the
recent change to move the bdi from the request_queue to the gendisk
this causes a guaranteed use after free when using certain cgroup
configurations.  The bug itself is older though as any non-default
inode reference (e.g. an open file descriptor) could have injected
this use after free even before that.

Fixes: 52ebea749aae ("writeback: make backing_dev_info host cgroup-specific bdi_writebacks")
Reported-by: Qian Cai <quic_qiancai@quicinc.com>
Reported-by: syzbot <syzbot+1fb38bb7d3ce0fa3e1c4@syzkaller.appspotmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210816122614.601358-3-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'tools/perf/scripts/python/syscall-counts-by-pid.py')
0 files changed, 0 insertions, 0 deletions
