From: Greg KH <gregkh@linuxfoundation.org>
To: Genjian <zhanggenjian@126.com>
Cc: stable@vger.kernel.org, axboe@kernel.dk, stable@kernel.org,
	linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
	zhanggenjian123@gmail.com,
	Genjian Zhang <zhanggenjian@kylinos.cn>
Subject: Re: [PATCH 4.19.y 0/9] Fix the UAF issue caused by the loop driver
Date: Mon, 4 Mar 2024 14:31:20 +0100
Message-ID: <2024030421-obedient-unbalance-a728@gregkh>
In-Reply-To: <20240301013028.2293831-1-zhanggenjian@126.com>

On Fri, Mar 01, 2024 at 09:30:19AM +0800, Genjian wrote:
> From: Genjian Zhang <zhanggenjian@kylinos.cn>
> 
> Hello!
> 
> We found that 2035c770bfdb ("loop: Check for overflow while configuring loop") lost an unlock of loop_ctl_mutex in loop_get_status(...),
> which caused syzbot to report a UAF issue. However, the upstream patch does not have this issue.
> So, we revert this patch and directly apply the unmodified upstream patch.
> 
> Risk use-after-free as reported by syzbot:

This looks good, but you are backporting commits that are NOT in newer
stable releases (i.e. from 5.8 but the commit is not in 5.4.y), is that
intentional?

Does 5.4.y also have this problem?  If so, can you send a series that
fixes that up so I can take both of them at the same time?

thanks,

greg k-h

Thread overview: 13+ messages
2024-03-01  1:30 [PATCH 4.19.y 0/9] Fix the UAF issue caused by the loop driver Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 1/9] Revert "loop: Check for overflow while configuring loop" Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 2/9] loop: Call loop_config_discard() only after new config is applied Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 3/9] loop: Remove sector_t truncation checks Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 4/9] loop: Factor out setting loop device size Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 5/9] loop: Refactor loop_set_status() size calculation Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 6/9] loop: properly observe rotational flag of underlying device Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 7/9] loop: Factor out configuring loop from status Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 8/9] loop: Check for overflow while configuring loop Genjian
2024-03-01  1:30 ` [PATCH 4.19.y 9/9] loop: loop_set_status_from_info() check before assignment Genjian
2024-03-04 13:31 ` Greg KH [this message]
2024-03-07  2:34   ` Re:Re: [PATCH 4.19.y 0/9] Fix the UAF issue caused by the loop driver genjian zhang
2024-03-29 12:38     ` Greg KH
