CPU A: assume de->count = 1 (in de_put)
fs/proc/inode.c::44 if (!--de->count) {
de->count = 0
CPU B: (in remove_proc_entry)
fs/proc/generic.c::577 if (!de->count)
fs/proc/generic.c::578 free_proc_entry(de);
CPU A: (in de_put)
fs/proc/inode.c::45 if (de->deleted) { <-- dereferencing kfreed pointer
What does protect us from the preceding if lock_kernel is thrown ?
--
Ueimor
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
- [PATCH (2.4)] atomic use count for proc_dir_entry Dan Aloni
- Re: [PATCH (2.4)] atomic use count for proc_dir_e... Linus Torvalds
- Re: [PATCH (2.4)] atomic use count for proc_d... Dan Aloni
- Re: [PATCH (2.4)] atomic use count for pr... Dan Aloni
- Re: [PATCH (2.4)] atomic use count fo... Francois romieu
- Re: [PATCH (2.4)] atomic use cou... Dan Aloni
- Re: [PATCH (2.4)] atomic use count for proc_dir_e... Jacob Luna Lundberg
- Re: [PATCH (2.4)] atomic use count for proc_d... Dan Aloni
- Re: [PATCH (2.4)] atomic use count for pr... Jacob Luna Lundberg
- Re: [PATCH (2.4)] atomic use count fo... Dan Aloni
- Re: [PATCH (2.4)] atomic use count fo... Ingo Oeser
