Fwd: Use-after-free in page_cache_async_readahead

From: Andrey Konovalov
Date: Mon Sep 07 2015 - 12:40:07 EST

On Thu, Sep 3, 2015 at 1:49 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
> On Wed, Sep 2, 2015 at 9:40 PM, Tejun Heo <tj@xxxxxxxxxx> wrote:
>> Hello, Andrey.
> Hello Tejun,
>> On Wed, Sep 02, 2015 at 01:08:52PM +0200, Andrey Konovalov wrote:
>>> While running KASAN on 4.2 with Trinity I got the following report:
>>> ==================================================================
>>> BUG: KASan: use after free in page_cache_async_readahead+0x2cb/0x3f0
>>> at addr ffff880034bf6690
>>> Read of size 8 by task sshd/2571
>>> =============================================================================
>>> BUG kmalloc-16 (Tainted: G W ): kasan: bad access detected
>>> -----------------------------------------------------------------------------
>>> Disabling lock debugging due to kernel taint
>>> INFO: Allocated in bdi_init+0x168/0x960 age=554826 cpu=0 pid=6
>> Can you please verify that the following patch fixes the issue?
> I've hit this bug only twice during 24 hours of fuzzing, so there's no
> fast way to verify this.
> I'll be testing with your patch now, and I'll let you know if I hit
> the bug again.

Hello Tejun,

I haven't seen any reports while testing with your patch for the last
few days, so I think it's safe to say that your patch fixes the issue.


> Thanks!