[PATCH] fix vulnerability of the release method of file operations inBlock layer SCSI generic driver

From: Hillf Danton
Date: Wed Nov 10 2010 - 09:08:45 EST

Next message: Peter Zijlstra: "Re: [RFC][PATCH] perf: sysfs type id"
Previous message: Ingo Molnar: "Re: [PATCH -tip] microcode, AMD: Cleanup code a bit"
Next in thread: Matthew Wilcox: "Re: [PATCH] fix vulnerability of the release method of fileoperations in Block layer SCSI generic driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The computation context setup by previous opening the bsg file could
not survive following open/release operations upon the same file
object.

The vulnerability is fixed by deferring the cleanup operation until necessary.

Signed-off-by: Hillf Danton <dhillf@xxxxxxxxx>
---

--- a/block/bsg.c 2010-09-13 07:07:38.000000000 +0800
+++ b/block/bsg.c 2010-11-10 21:43:58.000000000 +0800
@@ -858,7 +858,8 @@ static int bsg_release(struct inode *ino
{
struct bsg_device *bd = file->private_data;

- file->private_data = NULL;
+ if (1 == atomic_read(&bd->ref_count))
+ file->private_data = NULL;
return bsg_put_device(bd);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Zijlstra: "Re: [RFC][PATCH] perf: sysfs type id"
Previous message: Ingo Molnar: "Re: [PATCH -tip] microcode, AMD: Cleanup code a bit"
Next in thread: Matthew Wilcox: "Re: [PATCH] fix vulnerability of the release method of fileoperations in Block layer SCSI generic driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]