Skip to content
Snippets Groups Projects
Commit fc750ea7 authored by y00230200's avatar y00230200 Committed by Hongliang Yang
Browse files

blk-mq: fix race between timeout and freeing request 

CVE-2015-9016

Inside timeout handler, blk_mq_tag_to_rq() is called
to retrieve the request from one tag. This way is obviously
wrong because the request can be freed any time and some
fiedds of the request can't be trusted, then kernel oops
might be triggered[1].
parent 6079cf8b
Branches
Tags
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment