On 03/19/2013 09:02 PM, Ming Lei wrote: > Hi Sasha, > > On Wed, Mar 20, 2013 at 12:28 AM, Sasha Levin <levinsasha...@gmail.com> wrote: >> On 03/19/2013 07:54 AM, Ming Lei wrote: >> >> With v3 of the patch: >> >> [ 1275.665758] sysfs_dir_pos-973 sysfs_dirent use after free: >> tun(tun)-uevent, 2-1472641949 > > Thanks again for your test. > > Looks it is caused by another bug in sysfs_readdir: if filldir() returns > failure(such as small buffer length passed from userspace, very probably > for trinity) in case of 'if (filp->f_pos == 0 or 1)', > filp->private_data still will > point to one refcount-balanced sysfs_dirent object. > > V4 adds fix for this situation, please test attachment v4 patch.
With this one it didn't happen at all during overnight tests so looks like it did the job. Thanks! -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
