Re: [PATCH v8 13/19] locking/rwsem: Make rwsem->owner an atomic_long_t

From: Peter Zijlstra
Date: Sat Jul 20 2019 - 07:10:35 EST

Next message: Peter Zijlstra: "Re: [PATCH] x86/entry/64: Prevent clobbering of saved CR2 value"
Previous message: Mike Lothian: "Re: [PATCH v2] kbuild: Fail if gold linker is detected"
In reply to: Luis Henriques: "Re: [PATCH v8 13/19] locking/rwsem: Make rwsem->owner an atomic_long_t"
Next in thread: Waiman Long: "Re: [PATCH v8 13/19] locking/rwsem: Make rwsem->owner an atomic_long_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 20, 2019 at 09:41:05AM +0100, Luis Henriques wrote:
> [ 39.801179] ==================================================================
> [ 39.801973] BUG: KASAN: use-after-free in rwsem_down_write_slowpath (/home/miguel/kernel/linux/kernel/locking/rwsem.c:669 /home/miguel/kernel/linux/kernel/locking/rwsem.c:1125)

That's rwsem_can_spin_on_owner(), specifically line 669 seems to suggest
owner_on_cpu().

So we'd somehow have a dead owner; I'm not immediately seeing how that
can happen.

Next message: Peter Zijlstra: "Re: [PATCH] x86/entry/64: Prevent clobbering of saved CR2 value"
Previous message: Mike Lothian: "Re: [PATCH v2] kbuild: Fail if gold linker is detected"
In reply to: Luis Henriques: "Re: [PATCH v8 13/19] locking/rwsem: Make rwsem->owner an atomic_long_t"
Next in thread: Waiman Long: "Re: [PATCH v8 13/19] locking/rwsem: Make rwsem->owner an atomic_long_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]