On Thu, 2016-10-20 at 18:12 -0700, Cong Wang wrote:
> If this is the cause of the hashlist corruption (I am still unsure about
> this),
> then why only UDP? Don't all of those using ip4_datagram_connect()
> as ->connect() and using udp_disconnect() as ->disconnect() need this fix?
>
> For exampl
On Thu, Oct 20, 2016 at 9:39 AM, Eric Dumazet wrote:
> From: Eric Dumazet
>
> Baozeng Ding reported KASAN traces showing uses after free in
> udp_lib_get_port() and other related UDP functions.
>
> A CONFIG_DEBUG_PAGEALLOC=y kernel would eventually crash.
>
> I could write a reproducer with two t
On Thu, 2016-10-20 at 14:46 -0400, David Miller wrote:
>
> Applied, sounds like I should queue this up for -stable too right?
Yes, I believe all stable versions have this bug.
Thanks.
From: Eric Dumazet
Date: Thu, 20 Oct 2016 09:39:40 -0700
> From: Eric Dumazet
>
> Baozeng Ding reported KASAN traces showing uses after free in
> udp_lib_get_port() and other related UDP functions.
>
> A CONFIG_DEBUG_PAGEALLOC=y kernel would eventually crash.
>
> I could write a reproducer wi
From: Eric Dumazet
Baozeng Ding reported KASAN traces showing uses after free in
udp_lib_get_port() and other related UDP functions.
A CONFIG_DEBUG_PAGEALLOC=y kernel would eventually crash.
I could write a reproducer with two threads doing :
static int sock_fd;
static void *thr1(void *arg)
{
