Re: mm: use after free and panic in free_pages_and_swap_cache

From: Michal Hocko
Date: Wed Aug 12 2015 - 08:28:31 EST

Next message: Yong Wu: "Re: [PATCH v4 5/6] iommu/mediatek: Add mt8173 IOMMU driver"
Previous message: Stephen Rothwell: "Re: linux-next: build failure after merge of the gpio tree"
In reply to: Sasha Levin: "mm: use after free and panic in free_pages_and_swap_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon 10-08-15 09:37:06, Sasha Levin wrote:
> Hi all,

Hi Sasha,

> While fuzzing with trinity inside a KVM tools guest running -next I've
> stumbled on the following:

Could post your config somewhere please? Or maybe just the disassemble
of free_pages_and_swap_cache and tlb_flush_mmu_free should be sufficient.

I am not sure I read the report properly. It all seem to point to
free_pages_and_swap_cache resp. tlb_flush_mmu_free but I fail to see
what could be wrong there. The last reference on the page should be
dropped in release_pages. The given pages array shouldn't be freed
behind our back as well because mmu_gather is local to this path.

--
Michal Hocko
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Yong Wu: "Re: [PATCH v4 5/6] iommu/mediatek: Add mt8173 IOMMU driver"
Previous message: Stephen Rothwell: "Re: linux-next: build failure after merge of the gpio tree"
In reply to: Sasha Levin: "mm: use after free and panic in free_pages_and_swap_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]