[lucid, lucid/fsl-imx51 CVE 1/2] block: Fix io_context leak after clone with CLONE_IO
Andy Whitcroft
apw at canonical.com
Thu Mar 1 14:45:42 UTC 2012
From: Louis Rilling <louis.rilling at kerlabs.com>
With CLONE_IO, copy_io() increments both ioc->refcount and ioc->nr_tasks.
However exit_io_context() only decrements ioc->refcount if ioc->nr_tasks
reaches 0.
Always call put_io_context() in exit_io_context().
Signed-off-by: Louis Rilling <louis.rilling at kerlabs.com>
Signed-off-by: Jens Axboe <jens.axboe at oracle.com>
(cherry picked from commit 61cc74fbb87af6aa551a06a370590c9bc07e29d9)
CVE-2012-0879
BugLink: http://bugs.launchpad.net/bugs/940743
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
block/blk-ioc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/block/blk-ioc.c b/block/blk-ioc.c
index d4ed600..dcd0412 100644
--- a/block/blk-ioc.c
+++ b/block/blk-ioc.c
@@ -80,8 +80,8 @@ void exit_io_context(void)
ioc->aic->exit(ioc->aic);
cfq_exit(ioc);
- put_io_context(ioc);
}
+ put_io_context(ioc);
}
struct io_context *alloc_io_context(gfp_t gfp_flags, int node)
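Review bot: The relocated put_io_context(ioc) at the end of exit_io_context() now runs for every exiting task, but nothing at that line says why. A one-line comment above it, stating that it pairs with the reference copy_io() takes for each CLONE_IO sharer, would keep a later cleanup from folding it back under the nr_tasks condition and reintroducing the leak. The ordering visible here looks right: ioc->aic->exit() and cfq_exit() stay inside the conditional block ahead of the put, and ioc is not used again after the put before the function closes, so the task dropping the final reference does not touch the context afterwards.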
--
1.7.9