Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

On Fri, Jun 05, 2020 at 04:42:36PM +0200, Jan Kara wrote: > On Fri 05-06-20 12:43:54, Dan Carpenter wrote: > > I wonder if maybe the best fix is to re-add the "if (!res) " check back > > to blkdev_get(). > > Well, it won't be that simple since we need to call bd_abort_claiming() > under

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

On Fri 05-06-20 12:43:54, Dan Carpenter wrote: > I wonder if maybe the best fix is to re-add the "if (!res) " check back > to blkdev_get(). Well, it won't be that simple since we need to call bd_abort_claiming() under bdev->bd_mutex. And the fact that __blkdev_get() frees the reference you pass

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

On Fri, Jun 5, 2020 at 11:46 AM Dan Carpenter wrote: > > A lot of maintainers have blocked Markus and asked him to stop trying > to help people write commit message. Saying "bdev" instead of "block > device" is more clear so your original message was better. > > The Fixes tag is a good idea

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

On Fri, Jun 05, 2020 at 12:56:45PM +0200, Markus Elfring wrote: > > A lot of maintainers have blocked Markus and asked him to stop trying > > to help people write commit message. > > I am trying to contribute a bit of patch review as usual. Please stop criticising people's commit messages. Your

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

On Fri, Jun 05, 2020 at 12:56:45PM +0200, Markus Elfring wrote: > > A lot of maintainers have blocked Markus and asked him to stop trying > > to help people write commit message. > > I am trying to contribute a bit of patch review as usual. > We have asked you again and again to stop commenting

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

> A lot of maintainers have blocked Markus and asked him to stop trying > to help people write commit message. I am trying to contribute a bit of patch review as usual. > Saying "bdev" instead of "block device" is more clear I find this view interesting. > so your original message was

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

A lot of maintainers have blocked Markus and asked him to stop trying to help people write commit message. Saying "bdev" instead of "block device" is more clear so your original message was better. The Fixes tag is a good idea though: Fixes: 89e524c04fa9 ("loop: Fix mount(2) failure due to race

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

Hi, Markus Thanks for the review. Sorry for the wording because I'm not an English native speaker. 在 2020/6/5 16:30, Markus Elfring 写道: Would you like to add the tag “Fixes” to the commit message? I tried to find the commit in the git history which introduced this issue, but I am not

Re: [PATCH v2] block: Fix use-after-free in blkdev_get()

> … released the refcount of the bdev (actually the refcount of > the bdev inode). Wording adjustments: … released the reference count of the block device inode. > … access bdev after … … access block device after … > accually bdev is … bdev is … > … This may leads to use-after-free if

[PATCH v2] block: Fix use-after-free in blkdev_get()

In blkdev_get() we call __blkdev_get() to do some internal jobs and if there is some errors in __blkdev_get(), the bdput() is called which means we have released the refcount of the bdev (actually the refcount of the bdev inode). This means we cannot access bdev after that point. But accually bdev