Re:Re: [PATCH 4.19.y 0/9] Fix the UAF issue caused by the loop driver

From: genjian zhang
Date: Wed Mar 06 2024 - 21:36:40 EST

Next message: Miaohe Lin: "Re: [PATCH v1] mm: swap: Fix race between free_swap_and_cache() and swapoff()"
Previous message: Changhuang Liang: " 回复: [PATCH v1 6/7] staging: media: starfive: Add raw output stride configure"
In reply to: Greg KH: "Re: [PATCH 4.19.y 0/9] Fix the UAF issue caused by the loop driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 2024-03-04 21:31:20, "Greg KH" <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>On Fri, Mar 01, 2024 at 09:30:19AM +0800, Genjian wrote:
>> From: Genjian Zhang <zhanggenjian@xxxxxxxxxx>
>>
>> Hello!
>>
>> We found that 2035c770bfdb ("loop: Check for overflow while configuring loop") lost a unlock loop_ctl_mutex in loop_get_status(...).
>> which caused syzbot to report a UAF issue. However, the upstream patch does not have this issue.
>> So, we revert this patch and directly apply the unmodified upstream patch.
>>
>> Risk use-after-free as reported by syzbot：
>
>This looks good, but you are backporting commits that are NOT in newer
>stable releases (i.e. from 5.8 but the commit is not in 5.4.y), is that
>intentional?
>
>Does 5.4.y also have this problem? If so, can you send a series that
>fixes that up so I can take both of them at the same time?
>
>thanks,
>
>greg k-h

Thank you for your advice. This problem also exists in 5.4.y.
I will send a series of patches for 5.4.y.

thanks,

Genjian

Next message: Miaohe Lin: "Re: [PATCH v1] mm: swap: Fix race between free_swap_and_cache() and swapoff()"
Previous message: Changhuang Liang: " 回复: [PATCH v1 6/7] staging: media: starfive: Add raw output stride configure"
In reply to: Greg KH: "Re: [PATCH 4.19.y 0/9] Fix the UAF issue caused by the loop driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]