Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit fda1d0ec authored by Linus Torvalds's avatar Linus Torvalds Committed by Usaamah Patel
Browse files

CVE-2018-5344: loop: fix concurrent lo_open/lo_release 



范龙飞 reports that KASAN can report a use-after-free in __lock_acquire.
The reason is due to insufficient serialization in lo_release(), which
will continue to use the loop device even after it has decremented the
lo_refcnt to zero.

In the meantime, another process can come in, open the loop device
again as it is being shut down. Confusion ensues.

Change-Id: Ib58f658b8b756d30c9f7363225e5749c939b7e56
Reported-by: default avatar范龙飞 <long7573@126.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 7bb86926
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment