gfs2: Fix slab-use-after-free in gfs2_qd_dealloc - kernel

diff options

author	Juntong Deng <[email protected]>	2023-10-29 21:10:06 +0000
committer	Andreas Gruenbacher <[email protected]>	2023-11-06 00:51:26 +0000
commit	bdcb8aa434c6d36b5c215d02a9ef07551be25a37 (patch)
tree	1154c109e3ce89a69219fc439f53ec56158f4c9e /drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
parent	gfs2: Silence "suspicious RCU usage in gfs2_permission" warning (diff)
download	kernel-bdcb8aa434c6d36b5c215d02a9ef07551be25a37.tar.gz kernel-bdcb8aa434c6d36b5c215d02a9ef07551be25a37.zip

gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling gfs2_make_fs_ro(), there is no need to call them again. Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=29c47e9e51895928698c Signed-off-by: Juntong Deng <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: