projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d9971fa)
dm integrity: Fix UAF in dm_integrity_dtr()
authorLuo Meng <luomeng12@huawei.com>
Tue, 29 Nov 2022 02:48:50 +0000 (10:48 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 7 Jan 2023 10:11:45 +0000 (11:11 +0100)
commit f50cb2cbabd6c4a60add93d72451728f86e4791c upstream.

Dm_integrity also has the same UAF problem when dm_resume()
and dm_destroy() are concurrent.

Therefore, cancelling timer again in dm_integrity_dtr().

Cc: stable@vger.kernel.org
Fixes: 7eada909bfd7a ("dm: add integrity target")
Signed-off-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/md/dm-integrity.c patch | blob | history

diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index e97e9f9..1388ee3 100644 (file)
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -4558,6 +4558,8 @@ static void dm_integrity_dtr(struct dm_target *ti)
        BUG_ON(!RB_EMPTY_ROOT(&ic->in_progress));
        BUG_ON(!list_empty(&ic->wait_list));
 
+       if (ic->mode == 'B')
+               cancel_delayed_work_sync(&ic->bitmap_flush_work);
        if (ic->metadata_wq)
                destroy_workqueue(ic->metadata_wq);
        if (ic->wait_wq)
Domain: System / Kernel;