Re: [PATCH v5 2/3] tty: fix data race in tty_buffer_flush

From: Peter Hurley
Date: Thu Sep 17 2015 - 13:39:00 EST


On Thu, Sep 17, 2015 at 11:17 AM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
> tty_buffer_flush frees not acquired buffers.
> As a result, for example, a read of b->size in tty_buffer_free
> can return a garbage value which will lead to a huge buffer
> hanging in the freelist. This is just the benignest
> manifestation of freeing of a not acquired object.
> If the object is passed to kfree, heap can be corrupted.
>
> Acquire visibility over the buffer before freeing it.
>
> The data race was found with KernelThreadSanitizer (KTSAN).

Reviewed-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
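The ordering the commit message asks for, shown as an added userspace illustration with C11 atomics; this is not the patch or any kernel code, and `struct buf`, `buf_list`, `publish`, `flush` and `demo_flush` are hypothetical names. The flush loop reads each link with an acquire load so that the fields of the buffer behind it are visible before that buffer is read and freed.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace stand-in for a tty buffer (not the kernel struct). */
struct buf {
    _Atomic(struct buf *) next; /* link used to publish the following buffer */
    size_t size;                /* plain field, written before publication */
};
struct buf_list { struct buf *head, *tail; };

static struct buf *buf_new(size_t size) {
    struct buf *b = malloc(sizeof(*b));
    if (!b) abort();
    b->size = size;
    atomic_init(&b->next, NULL);
    return b;
}

/* Producer side: initialise the buffer, then publish it with a release store. */
static void publish(struct buf_list *l, size_t size) {
    struct buf *b = buf_new(size);
    atomic_store_explicit(&l->tail->next, b, memory_order_release);
    l->tail = b;
}

/* Flush side: the acquire load pairs with the release store above, so the
 * fields of `next` are visible before a later iteration reads and frees it.
 * Returns the total size of the buffers freed; the last buffer is kept. */
static size_t flush(struct buf_list *l) {
    size_t freed = 0;
    struct buf *next;
    while ((next = atomic_load_explicit(&l->head->next, memory_order_acquire))) {
        freed += l->head->size;
        free(l->head);
        l->head = next;
    }
    return freed;
}

/* Constructed input: an empty sentinel followed by three buffers. */
static size_t demo_flush(void) {
    struct buf_list l;
    l.head = l.tail = buf_new(0);
    publish(&l, 256); publish(&l, 512); publish(&l, 1024);
    size_t freed = flush(&l);   /* frees the sentinel, 256 and 512 */
    free(l.head);               /* the 1024-byte buffer stayed as head */
    return freed;
}
int main(void) { printf("%zu\n", demo_flush()); return 0; }
```

With a plain load in place of the acquire load, a concurrent producer's write to `size` has no ordering against the flusher's later read, which is the race the commit message describes.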