Google Git
Sign in
android / kernel / msm.git / fc750ea71a597c6426ff563a9caf47db9cf090a4
commitfc750ea71a597c6426ff563a9caf47db9cf090a4[log] [tgz]
authory00230200 <yanghongliang.yang@huawei.com>Thu Jan 18 16:05:18 2018 +0800
committerHongliang Yang <yanghongliang.yang@huawei.com>Sat Jan 27 09:08:48 2018 +0000
treed931a9e442e0789be20a91589dd53b8f03efbb1b
parent6079cf8bb5dd3468ff6565683e69fdc151d16d23 [diff]
blk-mq: fix race between timeout and freeing request

CVE-2015-9016

Inside timeout handler, blk_mq_tag_to_rq() is called
to retrieve the request from one tag. This way is obviously
wrong because the request can be freed any time and some
fiedds of the request can't be trusted, then kernel oops
might be triggered[1].
5 files changed
tree: d931a9e442e0789be20a91589dd53b8f03efbb1b
  1. android/
  2. arch/
  3. block/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. linaro/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .gitignore
  25. .mailmap
  26. AndroidKernel.mk
  27. build.config
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS