Re: [PATCH v5 2/3] tty: fix data race in tty_buffer_flush

From: Peter Hurley
Date: Thu Sep 17 2015 - 13:39:00 EST

Next message: Luis de Bethencourt: "[PATCH 0/2] memory: Fix module autoload for OF platform driver"
Previous message: Mark Brown: "Re: [linux-sunxi] Re: [PATCH 2/2] ASoC: sunxi: add support for the on-chip codec on early Allwinner SoCs"
In reply to: Dmitry Vyukov: "[PATCH v5 2/3] tty: fix data race in tty_buffer_flush"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 17, 2015 at 11:17 AM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
> tty_buffer_flush frees not acquired buffers.
> As the result, for example, read of b->size in tty_buffer_free
> can return garbage value which will lead to a huge buffer
> hanging in the freelist. This is just the benignest
> manifestation of freeing of a not acquired object.
> If the object is passed to kfree, heap can be corrupted.
>
> Acquire visibility over the buffer before freeing it.
>
> The data race was found with KernelThreadSanitizer (KTSAN).

Reviewed-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luis de Bethencourt: "[PATCH 0/2] memory: Fix module autoload for OF platform driver"
Previous message: Mark Brown: "Re: [linux-sunxi] Re: [PATCH 2/2] ASoC: sunxi: add support for the on-chip codec on early Allwinner SoCs"
In reply to: Dmitry Vyukov: "[PATCH v5 2/3] tty: fix data race in tty_buffer_flush"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]