Question: consult patch

From: zhangwensheng (E)
Date: Thu Aug 11 2022 - 23:35:12 EST

Next message: Baolu Lu: "Re: [PATCH 1/1] iommu/vt-d: Fix kdump kernels boot failure with scalable mode"
Previous message: Florian Fainelli: "Re: Kernel Panic in skb_release_data using genet"
Next in thread: Christoph Hellwig: "Re: Question: consult patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Lee ：
   I saw your patch because of CVE-2022-20158, the patch like below:

---
   mm: backing-dev: Take a reference to the bdi in use to prevent UAF

   KASAN reports a reproducible issue in the BDI handling code due to a
   dereference of a previously freed pointer to 'struct backing_dev_info'
   in bdi_unregister().

   Because of a distinct lack of locking and/or reference taking,
   blk_cleanup_queue() puts the final taken reference to the bdi, which
   is then promptly freed by release_bdi(). However, del_gendisk() calls
   bdi_unregister() after the fact, which then attempts to dereference
   it causing the kernel to panic.

   Bug: 182815710
   Signed-off-by: Lee Jones <lee.jones@xxxxxxxxxx>
   Change-Id: Iaf3dadf3b983a4b7d74d4e273fc676350cfc387f
---

   I am sorry that I have some questions for this patch. According to
   my analysis, I failed to find the relevant process may lead to null
   pointer reference. can you show me "KASAN reports a reproducible issue"
   that what the problem is? thank you very much!

Next message: Baolu Lu: "Re: [PATCH 1/1] iommu/vt-d: Fix kdump kernels boot failure with scalable mode"
Previous message: Florian Fainelli: "Re: Kernel Panic in skb_release_data using genet"
Next in thread: Christoph Hellwig: "Re: Question: consult patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]