From: Eric Dumazet
Date: Thu, 31 Jan 2019 08:47:10 -0800
> syzbot was able to catch a bug in rds [1]
>
> The issue here is that the socket might be found in a hash table
> but that its refcount has already be set to 0 by another cpu.
>
> We need to use refcount_inc_not_zero() to be safe here.
On 1/31/2019 8:47 AM, Eric Dumazet wrote:
syzbot was able to catch a bug in rds [1]
The issue here is that the socket might be found in a hash table
but that its refcount has already be set to 0 by another cpu.
We need to use refcount_inc_not_zero() to be safe here.
[1]
refcount_t: increment
syzbot was able to catch a bug in rds [1]
The issue here is that the socket might be found in a hash table
but that its refcount has already be set to 0 by another cpu.
We need to use refcount_inc_not_zero() to be safe here.
[1]
refcount_t: increment on 0; use-after-free.
WARNING: CPU: 1 PID: 2
