mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-23 06:14:42 +08:00
4ecd9542db
There's a relatively rare race where we look at the per-cpu preallocated IDA bitmap, see it's NULL, allocate a new one, and atomically update it. If the kmalloc() happened to sleep and we were rescheduled to a different CPU, or an interrupt came in at the exact right time, another task might have successfully allocated a bitmap and already deposited it. I forgot what the semantics of cmpxchg() were and ended up freeing the wrong bitmap leading to KASAN reporting a use-after-free. Dmitry found the bug with syzkaller & wrote the patch. I wrote the test case that will reproduce the bug without his patch being applied. Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> |
||
---|---|---|
.. | ||
accounting | ||
arch | ||
build | ||
cgroup | ||
firewire | ||
gpio | ||
hv | ||
iio | ||
include | ||
kvm/kvm_stat | ||
laptop | ||
leds | ||
lguest | ||
lib | ||
net | ||
nfsd | ||
objtool | ||
pcmcia | ||
perf | ||
power | ||
scripts | ||
spi | ||
testing | ||
thermal/tmon | ||
time | ||
usb | ||
virtio | ||
vm | ||
Makefile |