APPLIED[B]: [SRU][X][A][B][PATCH 1/1] loop: fix concurrent lo_open/lo_release
Seth Forshee
seth.forshee at canonical.com
Wed Jan 31 11:25:59 UTC 2018
On Mon, Jan 29, 2018 at 05:16:11PM +0100, Kleber Sacilotto de Souza wrote:
> From: Linus Torvalds <torvalds at linux-foundation.org>
>
> CVE-2018-5344
>
> 范龙飞 reports that KASAN can report a use-after-free in __lock_acquire.
> The reason is due to insufficient serialization in lo_release(), which
> will continue to use the loop device even after it has decremented the
> lo_refcnt to zero.
>
> In the meantime, another process can come in, open the loop device
> again as it is being shut down. Confusion ensues.
>
> Reported-by: 范龙飞 <long7573 at 126.com>
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> Signed-off-by: Jens Axboe <axboe at kernel.dk>
> (cherry picked from commit ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5)
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Applied to bionic/master-next, thanks!
More information about the kernel-team
mailing list