Re: [patch 1/6] mmu_notifier: Core code

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Christoph Lameter <clameter@...>

Cc: Andrea Arcangeli <andrea@...>, Robin Holt <holt@...>, Avi Kivity <avi@...>, Izik Eidus <izike@...>, Nick Piggin <npiggin@...>, <kvm-devel@...>, Benjamin Herrenschmidt <benh@...>, Peter Zijlstra <a.p.zijlstra@...>, <steiner@...>, <linux-kernel@...>, <linux-mm@...>, <daniel.blueman@...>, Hugh Dickins <hugh@...>

Subject: Re: [patch 1/6] mmu_notifier: Core code

Date: Tuesday, January 29, 2008 - 12:07 pm

I am going to seperate my comments into individual replies to help
reduce the chance they are lost.

quoted text> +void mmu_notifier_release(struct mm_struct *mm)
...
quoted text> +		hlist_for_each_entry_safe_rcu(mn, n, t,
> +					  &mm->mmu_notifier.head, hlist) {
> +			if (mn->ops->release)
> +				mn->ops->release(mn, mm);
> +			hlist_del(&mn->hlist);

This is a use-after-free issue.  The hlist_del_rcu needs to be done before
the callout as the structure containing the mmu_notifier structure will
need to be freed from within the ->release callout.

Thanks,
Robin
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[patch 1/6] mmu_notifier: Core code, Christoph Lameter, (Mon Jan 28, 4:28 pm)

Re: [patch 1/6] mmu_notifier: Core code, Andy Whitcroft, (Tue Feb 5, 2:05 pm)

Re: [patch 1/6] mmu_notifier: Core code, Christoph Lameter, (Tue Feb 5, 2:19 pm)

Re: [patch 1/6] mmu_notifier: Core code, Peter Zijlstra, (Tue Feb 5, 2:17 pm)

Re: [patch 1/6] mmu_notifier: Core code, Robin Holt, (Tue Jan 29, 12:07 pm)

Re: [patch 1/6] mmu_notifier: Core code, Andrea Arcangeli, (Tue Jan 29, 9:59 am)

Re: [patch 1/6] mmu_notifier: Core code, Christoph Lameter, (Tue Jan 29, 3:49 pm)

Re: [patch 1/6] mmu_notifier: Core code, Avi Kivity, (Tue Jan 29, 4:41 pm)

Re: [patch 1/6] mmu_notifier: Core code, Andrea Arcangeli, (Tue Jan 29, 10:34 am)

Re: [patch 1/6] mmu_notifier: Core code, Robin Holt, (Mon Jan 28, 8:05 pm)

Re: [patch 1/6] mmu_notifier: Core code, Christoph Lameter, (Mon Jan 28, 9:19 pm)

Re: [patch 1/6] mmu_notifier: Core code, Christoph Lameter, (Mon Jan 28, 6:06 pm)


linux-kernel:
hooanon05	[PATCH 67/67] merge aufs
Greg Kroah-Hartman	[PATCH 008/196] Chinese: add translation of volatile-considered-harmful.txt
monstr	[PATCH 33/52] [microblaze] bug headers files
Oliver Pinter	Re: x86: 4kstacks default
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
David Miller	[GIT]: Networking
Natalie Protasevich	[BUG] New Kernel Bugs
openbsd-misc:

Re: [patch 1/6] mmu_notifier: Core code

Online users