Commit 98cd4a57 authored by Li Nan's avatar Li Nan Committed by Yongqiang Liu
Browse files

md: fix uaf in md_wakeup_thread 

hulk inclusion
category: bugfix
bugzilla: 188227, https://gitee.com/openeuler/kernel/issues/I6AG8P


CVE: NA

--------------------------------

There is no lock protection in md_wakeup_thread() and sync_thread might be
freed during wake up as below. Use pers_lock to protect it.

T1			T2
			md_start_sync
			 md_register_thread
			 md_wakeup_thread
raid1d
 md_check_recovery
  md_reap_sync_thread
   md_unregister_thread
    kfree
			  wake_up
			   ->sync_thread was freed

Fixes: fac05f256691f ("md: don't start resync thread directly from md thread")
Signed-off-by: default avatarLi Nan <linan122@huawei.com>
Reviewed-by: default avatarHou Tao <houtao1@huawei.com>
Signed-off-by: default avatarYongqiang Liu <liuyongqiang13@huawei.com>
parent db0bbc90
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment