git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 29 Jan 2018 16:16:11 +0000 (17:16 +0100)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 14 Mar 2018 10:40:54 +0000 (11:40 +0100)
commit	fbbe56c90f403c13f93ce45e3709188bd442cd5d
tree	d1f4db1399fe1aeaf8188fe6be56edf8e69570f0	tree
parent	fa440c011c8b0cfbf2a527cfbf8cd7457d0b7864	commit \| diff

loop: fix concurrent lo_open/lo_release

CVE-2018-5344

范龙飞 reports that KASAN can report a use-after-free in __lock_acquire.
The reason is due to insufficient serialization in lo_release(), which
will continue to use the loop device even after it has decremented the
lo_refcnt to zero.

In the meantime, another process can come in, open the loop device
again as it is being shut down. Confusion ensues.

Reported-by: 范龙飞 <long7573@126.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5)
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>