Re: [PATCH] profiling: prevent stale prof_cpu_mask access on init failure

Next message: syzbot: "Forwarded: [PATCH] nbd: don't warn when reclassifying a busy socket lock"
Previous message: Kurt Borja: "Re: [PATCH RFC 3/3] dt-bindings: iio: adc: Add burn-out current properties"
In reply to: Tetsuo Handa: "Re: [PATCH] profiling: prevent stale prof_cpu_mask access on init failure"
Next in thread: Tristan Madani: "[PATCH v2] profiling: don't free prof_cpu_mask on init failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tristan Madani

Date: Sun Jun 21 2026 - 19:45:52 EST

On 2026/06/22 07:49, Tetsuo Handa wrote:
> NAK. This is a use-after-free read bug.
>
> Correct fix is to remove a commit which adds "free_cpumask_var(prof_cpu_mask);".

You're right, the flag check races with the free. v2 will just
remove the free_cpumask_var() call instead.

> Which tree are you talking about?

This is for stable (6.1.y, 6.6.y, 6.8.y) where prof_cpu_mask
still exists.

Thanks,
Tristan