Re: timerfd: use-after-free in timerfd_remove_cancel
From: Thomas Gleixner
Date: Tue Jan 31 2017 - 06:45:25 EST
On Tue, 31 Jan 2017, Thomas Gleixner wrote:
> On Mon, 30 Jan 2017, Dmitry Vyukov wrote:
> > Seems that ctx->might_cancel is racy.
> Yes, it is. Fix below.
And the fix is racy as well. Darn, we really need to lock the context to
avoid that mess.