[PATCH 0/2] mm/kmemleak: Simplify kmemleak_cond_resched() & fix UAF

From: Waiman Long
Date: Sat Dec 10 2022 - 18:02:05 EST


It was found that a KASAN use-after-free error was reported in the
kmemleak_scan() function. After further examination, it is believed
that even though a reference is taken from the current object, it does
not prevent the object pointed to by the next pointer from going away
after a cond_resched(). So the heuristic is now changed to restart
scanning from the beginning of object_list in case the current object
is no longer in the object_list, i.e. OBJECT_ALLOCATED flag not set.

While making the change, I also simplified the current usage of
kmemleak_cond_resched() to make it easier to understand.

Waiman Long (2):
mm/kmemleak: Simplify kmemleak_cond_resched() usage
mm/kmemleak: Fix UAF bug in kmemleak_scan()

mm/kmemleak.c | 59 ++++++++++++++++++++-------------------------------
1 file changed, 23 insertions(+), 36 deletions(-)

--
2.31.1
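The race the cover letter describes, as an added single-threaded model that is not kmemleak code and not part of this series: objects live in a fixed arena so that a "freed" object stays addressable and is recognised instead of crashing, a hook stands in for whatever another CPU does while the scanner sits in cond_resched(), and the only name borrowed from kmemleak is the OBJECT_ALLOCATED flag (its value, the list layout, unlink_object(), put_object() and run_scan() are all invented for the model). Unlinking leaves the removed object's next pointer stale, as list_del_rcu() does, which is what turns a pinned-but-unlinked current object into a path to freed memory.

```c
#include <stddef.h>
#include <stdio.h>

#define OBJECT_ALLOCATED 0x1u   /* kmemleak's flag name; the value is arbitrary here */
#define NOBJ 6

struct obj {
    struct obj *next;     /* list link; NOT cleared on unlink, like list_del_rcu() */
    unsigned int flags;
    int refcount;
    int freed;            /* model only: the memory has been released */
    int id;
};

struct scan_result {
    int visited;          /* objects scanned, including rescans after a restart */
    int uaf;              /* reads of a freed object (what KASAN would report) */
};

typedef void (*resched_hook)(struct obj *cur);

static struct obj arena[NOBJ];
static struct obj *object_list;

/* Build the list 0 -> 1 -> ... -> NOBJ-1, every object allocated with one ref. */
static void reset_arena(void)
{
    int i;

    object_list = NULL;
    for (i = NOBJ - 1; i >= 0; i--) {
        arena[i].flags = OBJECT_ALLOCATED;
        arena[i].refcount = 1;
        arena[i].freed = 0;
        arena[i].id = i;
        arena[i].next = object_list;
        object_list = &arena[i];
    }
}

/* Take o off object_list and clear OBJECT_ALLOCATED; o->next is left stale. */
static void unlink_object(struct obj *o)
{
    struct obj **pp = &object_list;

    while (*pp && *pp != o)
        pp = &(*pp)->next;
    if (*pp)
        *pp = o->next;
    o->flags &= ~OBJECT_ALLOCATED;
}

/* Drop a reference; the last one releases the memory (poisoned, not free()d). */
static void put_object(struct obj *o)
{
    if (--o->refcount == 0) {
        o->freed = 1;
        o->next = NULL;
    }
}

static void no_race(struct obj *cur) { (void)cur; }

/* "Another CPU" while the scanner sleeps holding a ref on object 2: delete 2
 * (unlinked, but kept in memory by the scanner's ref) and delete 3, whose
 * last reference goes away, so its memory is released. */
static void delete_cur_and_next(struct obj *cur)
{
    struct obj *victim;

    if (cur->id != 2)
        return;
    victim = cur->next;
    unlink_object(cur);
    put_object(cur);      /* scanner's ref keeps it alive */
    unlink_object(victim);
    put_object(victim);   /* last ref: freed */
}

static struct scan_result scan(resched_hook hook, int restart_if_unlinked)
{
    struct scan_result res = { 0, 0 };
    struct obj *cur = object_list;
    struct obj *next;

    while (cur) {
        if (cur->freed) {         /* touching released memory: the UAF */
            res.uaf++;
            break;
        }
        cur->refcount++;          /* get_object(): pins cur, not cur->next */
        res.visited++;
        hook(cur);                /* cond_resched(): the RCU read section is dropped */
        if (restart_if_unlinked && !(cur->flags & OBJECT_ALLOCATED)) {
            put_object(cur);
            cur = object_list;    /* cur left the list, so its next is untrustworthy */
            continue;
        }
        next = cur->next;         /* stale if cur was unlinked meanwhile */
        put_object(cur);
        cur = next;
    }
    return res;
}

/* race: inject the concurrent deletion; fixed: apply the restart heuristic. */
static struct scan_result run_scan(int race, int fixed)
{
    reset_arena();
    return scan(race ? delete_cur_and_next : no_race, fixed);
}

int main(void)
{
    struct scan_result r = run_scan(1, 0), f = run_scan(1, 1);

    printf("old scan: visited %d, uaf %d; with restart: visited %d, uaf %d\n",
           r.visited, r.uaf, f.visited, f.uaf);
    return 0;
}
```

Without the restart the scanner walks from the unlinked object 2 into the released object 3; with it, the cleared OBJECT_ALLOCATED flag sends the scan back to the list head, at the cost of rescanning objects 0 and 1, which is the trade the cover letter accepts.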