[PATCH 0/2] Fix fuse sync io races
Seth Forshee
seth.forshee at canonical.com
Tue Mar 22 13:51:57 UTC 2016
BugLink: http://bugs.launchpad.net/bugs/1505948
Impact: Races in fuse's synchronous io handling can result in
use-after-free bugs which are causing kernel crashes.
Fix: Two commits from fuse-next, one which simply caches the result of a
test to avoid a use-after-free and another which adds reference counting
to the fuse_io_priv struct to get rid of some convoluted rules for
determining when this structure can be freed.
Test case: Tested on LP #1505948.
Note that these patches are only for wily and xenial, but the first
patch fixes a bug introduced in 3.10. The problems have only been seen
in 4.1 and later kernels, so it's likely the second patch that really
fixes this bug and we can just wait for the first patch to make its way
to older kernels via upstream stable.
Thanks,
Seth