mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 13:55:32 +00:00
4ecd9542db
There's a relatively rare race where we look at the per-cpu preallocated IDA bitmap, see it's NULL, allocate a new one, and atomically update it. If the kmalloc() happened to sleep and we were rescheduled to a different CPU, or an interrupt came in at the exact right time, another task might have successfully allocated a bitmap and already deposited it. I forgot what the semantics of cmpxchg() were and ended up freeing the wrong bitmap leading to KASAN reporting a use-after-free. Dmitry found the bug with syzkaller & wrote the patch. I wrote the test case that will reproduce the bug without his patch being applied. Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> |
||
|---|---|---|
| .. | ||
| generated | ||
| linux | ||
| .gitignore | ||
| benchmark.c | ||
| idr-test.c | ||
| iteration_check.c | ||
| linux.c | ||
| main.c | ||
| Makefile | ||
| multiorder.c | ||
| regression.h | ||
| regression1.c | ||
| regression2.c | ||
| regression3.c | ||
| tag_check.c | ||
| test.c | ||
| test.h | ||