Two bug fix commit fixes in the ubi_resize_volume() were fixed by a patch in the mailing list

ZhaoLong Wang wangzhaolong1 at huawei.com
Sun Apr 2 19:04:02 PDT 2023


Hi

Mainline fix commits 1e591ea072df ("ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()") and 9af31d6ec1a4 ("ubi: Fix use-after-free when volume resizing failed") involve fixing memory security issues, which were fixed by a patch [1] ("ubi: fix slab-out-of-bounds in ubi_eba_get_ldesc+0xfb/0x130") that was on the mailing list in 2022. In addition to fixing the race issue, I think this fix keeping old_eba_tbl might be a better solution to the UAF problem.

I'd like to know why patch [1] didn't get into the mainline.

[1] http://patchwork.ozlabs.org/project/linux-mtd/patch/20220124024056.1996763-1-guoxuenan@huawei.com/

Best Regards,

ZhaoLong Wang


