On 03/30/2017 04:37 PM, Pavel Machek wrote:
>  
>> 3) This might produce false positives. E.g. a module may defer vfree() in a
>>    workqueue, so the actual vfree() call happens after the module is unloaded.
> 
> Umm. Really?
> 

I should have been more specific. I meant vfree() called by a module from
interrupt context. In that case the actual __vunmap() will be deferred via
schedule_work(), so it might happen after the module is unloaded.
See 32fcfd40715e ("make vfree() safe to call from interrupt contexts")

> I agree that module may alloc memory and pass it to someone else. Ok
> so far.
> 

Right. In the case of vfree() from interrupt context we actually pass the memory to
the core code to free it later.

> But if module code executes after module is unloaded -- that is use
> after free -- right?

Sure, module code can't execute after the module is unloaded; it doesn't exist anymore.
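As an added illustration of the sequence described in the reply above (constructed userspace model, not code from the thread or from the kernel): sim_vfree() stands in for vfree(), sim_free_work() for the workqueue item that core code runs later, and live_areas_owned_by_module() for a naive checker that walks the module's live vmalloc areas at unload time. The names and the in-memory bookkeeping are assumptions of this model.

```c
/* Constructed userspace model of the vfree()-from-interrupt timeline; not kernel code.
 * From interrupt context the real unmap is deferred (vfree_deferred + schedule_work()
 * in the kernel), so a checker run from module_exit() sees an area that core code
 * will only free after the module is gone: a false positive, not a use-after-free. */
#include <stdlib.h>

#define MAX_AREAS 8
#define OWNER_MODULE 1

struct area { void *p; int owner; int live; };
static struct area areas[MAX_AREAS];
static int n_areas;
static void *deferred[MAX_AREAS];    /* stand-in for the per-cpu deferred list */
static int n_deferred;
static int in_interrupt_ctx;         /* stand-in for in_interrupt() */

static void *sim_vmalloc(int owner) {
    void *p = malloc(64);
    areas[n_areas++] = (struct area){ p, owner, 1 };
    return p;
}

static void sim_vunmap(void *p) {    /* the real release, i.e. __vunmap() */
    for (int i = 0; i < n_areas; i++)
        if (areas[i].p == p && areas[i].live) { areas[i].live = 0; free(p); }
}

static void sim_vfree(void *p) {
    if (in_interrupt_ctx) { deferred[n_deferred++] = p; return; }  /* defer it */
    sim_vunmap(p);
}

static void sim_free_work(void) {    /* work item executed later by core code */
    while (n_deferred > 0) sim_vunmap(deferred[--n_deferred]);
}

/* naive checker: areas still owned by the module when module_exit() runs */
int live_areas_owned_by_module(void) {
    int n = 0;
    for (int i = 0; i < n_areas; i++)
        if (areas[i].owner == OWNER_MODULE && areas[i].live) n++;
    return n;
}

int run_scenario(void) {
    void *p = sim_vmalloc(OWNER_MODULE);
    in_interrupt_ctx = 1; sim_vfree(p); in_interrupt_ctx = 0;  /* module ISR frees */
    int reported = live_areas_owned_by_module();  /* checker at unload: reports 1 */
    sim_free_work();   /* core code frees after unload; no module code executes */
    return reported;
}
```

After sim_free_work() the area is gone, so the one "leak" the checker reported at unload time was never a real leak.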