TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge tag 'block-6.13-20250111' of git://git.kernel.dk/linux

Browse Source 
Pull block fix from Jens Axboe:
 "A single fix for a use-after-free in the BFQ IO scheduler"

* tag 'block-6.13-20250111' of git://git.kernel.dk/linux:
  block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
This commit is contained in:
Linus Torvalds
2025-01-11 11:17:08 -08:00
parent 52a5a22d8a fcede1f0a0
commit 05c2d1f272
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
block/bfq-iosched.c
+10 -2
View File
@@ -6844,16 +6844,24 @@ static struct bfq_queue *bfq_waker_bfqq(struct bfq_queue *bfqq)
if (new_bfqq == waker_bfqq) {
/*
* If waker_bfqq is in the merge chain, and current
* is the only procress.
* is the only process, waker_bfqq can be freed.
*/
if (bfqq_process_refs(waker_bfqq) == 1)
return NULL;
break;
return waker_bfqq;
}
new_bfqq = new_bfqq->new_bfqq;
}
/*
* If waker_bfqq is not in the merge chain, and it's procress reference
* is 0, waker_bfqq can be freed.
*/
if (bfqq_process_refs(waker_bfqq) == 0)
return NULL;
return waker_bfqq;
}