Re: [PATCH] libiscsi: fix UAF when iscsi_conn_get_param and iscsi_conn_teardown concurrent
From: "Martin K. Petersen" <martin.petersen@oracle.com>
Date: 2021-12-23 05:09:27
From: "Martin K. Petersen" <martin.petersen@oracle.com>
Date: 2021-12-23 05:09:27
On Mon, 20 Dec 2021 19:39:06 +0800, lixiaokeng wrote:
|- iscsi_if_destroy_conn |-dev_attr_show
|-iscsi_conn_teardown
|-spin_lock_bh |-iscsi_sw_tcp_conn_get_param
|-kfree(conn->persistent_address) |-iscsi_conn_get_param
|-kfree(conn->local_ipaddr)
==>|-read persistent_address
==>|-read local_ipaddr
|-spin_unlock_bh
[...]
Applied to 5.16/scsi-fixes, thanks!
[1/1] libiscsi: fix UAF when iscsi_conn_get_param and iscsi_conn_teardown concurrent
https://git.kernel.org/mkp/scsi/c/1b8d0300a3e9
--
Martin K. Petersen Oracle Linux Engineering