On Fri, 6 Jun 2014, Andrey Ryabinin wrote: > While working address sanitizer for kernel I've discovered use-after-free > bug in __put_anon_vma. > For the last anon_vma, anon_vma->root freed before child anon_vma. > Later in anon_vma_free(anon_vma) we are referencing to already freed > anon_vma->root > to check rwsem. > This patch puts freeing of child anon_vma before freeing of anon_vma->root. > > Cc: <sta...@vger.kernel.org> # v3.0+ > Signed-off-by: Andrey Ryabinin <a.ryabi...@samsung.com>
Acked-by: David Rientjes <rient...@google.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/