On Fri, Jun 9, 2017 at 11:05 AM, Xin Long wrote:
> On Sat, Jun 10, 2017 at 1:01 AM, Cong Wang wrote:
>> This is what I thought in my first response, until I realized
>> it is not pure RCU, otherwise pmc->lock should not be taken
>> in igmpv3_send_cr(). It seems the code is mixing the use
>> of sp
On Sat, Jun 10, 2017 at 1:01 AM, Cong Wang wrote:
> On Fri, Jun 9, 2017 at 8:56 AM, Eric Dumazet wrote:
>> On Fri, 2017-06-09 at 14:24 +0800, Xin Long wrote:
>>> On Fri, Jun 9, 2017 at 8:59 AM, Cong Wang wrote:
>>>
>>> > On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
>>> >> I menti
On Fri, Jun 9, 2017 at 8:56 AM, Eric Dumazet wrote:
> On Fri, 2017-06-09 at 14:24 +0800, Xin Long wrote:
>> On Fri, Jun 9, 2017 at 8:59 AM, Cong Wang wrote:
>>
>> > On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
>> >> I mentioned (in https://lkml.org/lkml/2017/5/31/619 ) that we might
On Fri, 2017-06-09 at 14:24 +0800, Xin Long wrote:
> On Fri, Jun 9, 2017 at 8:59 AM, Cong Wang wrote:
>
> > On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
> >> I mentioned (in https://lkml.org/lkml/2017/5/31/619 ) that we might need
> >> to defer freeing after rcu grace period but for some
On Fri, Jun 9, 2017 at 2:05 PM, Cong Wang wrote:
> On Thu, Jun 8, 2017 at 6:37 PM, Eric Dumazet wrote:
>> On Thu, 2017-06-08 at 17:59 -0700, Cong Wang wrote:
>>> On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
>>> > I mentioned (in https://lkml.org/lkml/2017/5/31/619 ) that we might need
>>>
On Fri, Jun 9, 2017 at 8:59 AM, Cong Wang wrote:
> On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
>> I mentioned (in https://lkml.org/lkml/2017/5/31/619 ) that we might need
>> to defer freeing after rcu grace period but for some reason decided it
>> was not needed.
Yes, this one could fix
On Thu, Jun 8, 2017 at 6:37 PM, Eric Dumazet wrote:
> On Thu, 2017-06-08 at 17:59 -0700, Cong Wang wrote:
>> On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
>> > I mentioned (in https://lkml.org/lkml/2017/5/31/619 ) that we might need
>> > to defer freeing after rcu grace period but for some
On Thu, 2017-06-08 at 17:59 -0700, Cong Wang wrote:
> On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
> > I mentioned (in https://lkml.org/lkml/2017/5/31/619 ) that we might need
> > to defer freeing after rcu grace period but for some reason decided it
> > was not needed.
>
> This one makes
On Thu, Jun 8, 2017 at 1:33 PM, Eric Dumazet wrote:
> I mentioned (in https://lkml.org/lkml/2017/5/31/619 ) that we might need
> to defer freeing after rcu grace period but for some reason decided it
> was not needed.
This one makes sense, it is the second time I saw the use-after-free
in igmp co
On Fri, 2017-06-09 at 02:22 +0800, Xin Long wrote:
> On Thu, Jun 8, 2017 at 9:43 PM, Eric Dumazet wrote:
> > From: Eric Dumazet
> >
> > Andrey reported a use-after-free in add_grec(), courtesy of syzkaller.
> >
> > Problem here is that igmp_stop_timer() uses a del_timer(), so we can not
> > guara
On Thu, Jun 8, 2017 at 9:43 PM, Eric Dumazet wrote:
> From: Eric Dumazet
>
> Andrey reported a use-after-free in add_grec(), courtesy of syzkaller.
>
> Problem here is that igmp_stop_timer() uses a del_timer(), so we can not
> guarantee that another cpu is not servicing the timer.
>
> Therefore,
From: Eric Dumazet
Andrey reported a use-after-free in add_grec(), courtesy of syzkaller.
Problem here is that igmp_stop_timer() uses a del_timer(), so we can not
guarantee that another cpu is not servicing the timer.
Therefore, if igmp_group_dropped() call from ip_mc_dec_group() is
immediately
12 matches