Re: [V9fs-developer] [PATCH] 9p: fix Use-After-Free in p9_write_work()

From: Dominique Martinet
Date: Sun Jul 29 2018 - 20:18:40 EST

Next message: Keiji Hayashibara: "RE: [PATCH v2 2/2] spi: add SPI controller driver for UniPhier SoC"
Previous message: kernel test robot: "[LKP] a65f828111 BUG: kernel reboot-without-warning in boot stage"
In reply to: Dominique Martinet: "Re: [PATCH] 9p: fix Use-After-Free in p9_write_work()"
Next in thread: Dmitry Vyukov: "Re: [PATCH] 9p: fix Use-After-Free in p9_write_work()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dominique Martinet wrote on Mon, Jul 30, 2018:
> Basically, a more global view of the problem is a race between
> p9_tag_lookup returning a p9_req_t and another thread freeing it.

(just correcting myself here, p9_tag_lookup won't be enough for the
write side, but similarily you'd just need to increment the refcount
when you schedule work with it and decrement when the worker is done)

--
Dominique

Next message: Keiji Hayashibara: "RE: [PATCH v2 2/2] spi: add SPI controller driver for UniPhier SoC"
Previous message: kernel test robot: "[LKP] a65f828111 BUG: kernel reboot-without-warning in boot stage"
In reply to: Dominique Martinet: "Re: [PATCH] 9p: fix Use-After-Free in p9_write_work()"
Next in thread: Dmitry Vyukov: "Re: [PATCH] 9p: fix Use-After-Free in p9_write_work()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]