On Mon, Dec 03, 2018 at 06:10:51PM +0900, Ryusuke Konishi wrote:
> Hi, Pan Bian
>
> Thank you for feeding back this patch.
> I reviewed this and am thinking this must be sent to upstream.
>
> Did you see any kernel oops on this bug ?
Not yet. In fact, I found it with a static method.
Best
On Mon, Dec 03, 2018 at 06:10:51PM +0900, Ryusuke Konishi wrote:
> Hi, Pan Bian
>
> Thank you for feeding back this patch.
> I reviewed this and am thinking this must be sent to upstream.
>
> Did you see any kernel oops on this bug ?
Not yet. In fact, I found it with a static method.
Best
Hi, Pan Bian
Thank you for feeding back this patch.
I reviewed this and am thinking this must be sent to upstream.
Did you see any kernel oops on this bug ?
Regards,
Ryusuke Konishi
On Mon, 26 Nov 2018 11:08:29 +0800, Pan Bian wrote:
> brelse(bh) is called to drop the reference count of bh
Hi, Pan Bian
Thank you for feeding back this patch.
I reviewed this and am thinking this must be sent to upstream.
Did you see any kernel oops on this bug ?
Regards,
Ryusuke Konishi
On Mon, 26 Nov 2018 11:08:29 +0800, Pan Bian wrote:
> brelse(bh) is called to drop the reference count of bh
brelse(bh) is called to drop the reference count of bh when the call
to nilfs_dat_translate fails. If the reference count hits 0, bh may be
freed. However, bh->b_page is unlocked and put after that, which may
result in a use-after-free bug. This patch moves the release operation
after unlocking
brelse(bh) is called to drop the reference count of bh when the call
to nilfs_dat_translate fails. If the reference count hits 0, bh may be
freed. However, bh->b_page is unlocked and put after that, which may
result in a use-after-free bug. This patch moves the release operation
after unlocking
6 matches
Mail list logo
