subject:"\[PATCH < v3.10\] ipc\/msg\: fix race around refcount"

Re: [PATCH < v3.10] ipc/msg: fix race around refcount

2014-04-06 Thread Ben Hutchings

On Wed, 2014-03-26 at 14:12 +0400, Konstantin Khlebnikov wrote: > In older kernels (before v3.10) ipc_rcu_hdr->refcount was non-atomic int. > There was possuble double-free bug: do_msgsnd() calls ipc_rcu_putref() under > msq->q_perm->lock and RCU, while freequeue() calls it while it holds only > 'r

Re: [PATCH < v3.10] ipc/msg: fix race around refcount

2014-03-31 Thread Luís Henriques

On Wed, Mar 26, 2014 at 02:12:19PM +0400, Konstantin Khlebnikov wrote: > In older kernels (before v3.10) ipc_rcu_hdr->refcount was non-atomic int. > There was possuble double-free bug: do_msgsnd() calls ipc_rcu_putref() under > msq->q_perm->lock and RCU, while freequeue() calls it while it holds on

[PATCH < v3.10] ipc/msg: fix race around refcount

2014-03-26 Thread Konstantin Khlebnikov

In older kernels (before v3.10) ipc_rcu_hdr->refcount was non-atomic int. There was possuble double-free bug: do_msgsnd() calls ipc_rcu_putref() under msq->q_perm->lock and RCU, while freequeue() calls it while it holds only 'rw_mutex', so there is no sinchronization between them. Two function decr

Re: [PATCH < v3.10] ipc/msg: fix race around refcount

Re: [PATCH < v3.10] ipc/msg: fix race around refcount

[PATCH < v3.10] ipc/msg: fix race around refcount

3 matches

Site Navigation

Mail list logo

Footer information