staging: erofs: compressed_pages should not be accessed again after freed - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Gao Xiang <gaoxiang25@huawei.com>	2019-02-27 13:33:30 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-02-27 15:41:57 +0100
commit	af692e117cb8cd9d3d844d413095775abc1217f9 (patch)
tree	22f9a66ab2dec7c87e91655538557833925d4534 /lib
parent	11f27765f61175ac9602a05e305b9034dc6c80bf (diff)
download	linux-af692e117cb8cd9d3d844d413095775abc1217f9.tar.bz2

staging: erofs: compressed_pages should not be accessed again after freed

This patch resolves the following page use-after-free issue, z_erofs_vle_unzip: ... for (i = 0; i < nr_pages; ++i) { ... z_erofs_onlinepage_endio(page); (1) } for (i = 0; i < clusterpages; ++i) { page = compressed_pages[i]; if (page->mapping == mngda) (2) continue; /* recycle all individual staging pages */ (void)z_erofs_gather_if_stagingpage(page_pool, page); (3) WRITE_ONCE(compressed_pages[i], NULL); } ... After (1) is executed, page is freed and could be then reused, if compressed_pages is scanned after that, it could fall info (2) or (3) by mistake and that could finally be in a mess. This patch aims to solve the above issue only with little changes as much as possible in order to make the fix backport easier. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable@vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: