Date: Wed, 18 Jan 2012 13:30:44 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: kernel: Unused iocbs in a batch should not be accounted as active commit 69e4747ee9727d660b88d7e1efe0f4afcb35db1b Author: Gleb Natapov <gleb@...hat.com> Date: Sun Jan 8 17:07:28 2012 +0200 Unused iocbs in a batch should not be accounted as active. Since commit 080d676de095 ("aio: allocate kiocbs in batches") iocbs are allocated in a batch during processing of first iocbs. All iocbs in a batch are automatically added to ctx->active_reqs list and accounted in ctx->reqs_active. If one (not the last one) of iocbs submitted by an user fails, further iocbs are not processed, but they are still present in ctx->active_reqs and accounted in ctx->reqs_active. This causes process to stuck in a D state in wait_for_all_aios() on exit since ctx->reqs_active will never go down to zero. Furthermore since kiocb_batch_free() frees iocb without removing it from active_reqs list the list become corrupted which may cause oops. Fix this by removing iocb from ctx->active_reqs and updating ctx->reqs_active in kiocb_batch_free(). Signed-off-by: Gleb Natapov <gleb@...hat.com> Reviewed-by: Jeff Moyer <jmoyer@...hat.com> Cc: stable@...nel.org # 3.2 Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org> Issue introduced in v3.2-rc1 via commit 080d676d. Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ