Re: Use after free in __dst_destroy_metrics_generic

On Sat, Sep 16, 2017 at 5:40 AM, Julian Anastasov wrote: > > Hello, > > On Fri, 15 Sep 2017, Subash Abhinov Kasiviswanathan wrote: > >> > May be I'm missing some posting but I don't see if >> > the patch was tested successfully. >> > >> Hi Julian >> >> I've had this patch being tested

Re: Use after free in __dst_destroy_metrics_generic

On Fri, Sep 15, 2017 at 2:00 PM, Eric Dumazet wrote: > > Hi Cong > > I believe your patch makes a lot of sense, please submit it formally ? > I have been waiting for Subash's testing, since I myself never even run it.

Re: Use after free in __dst_destroy_metrics_generic

Hello, On Fri, 15 Sep 2017, Subash Abhinov Kasiviswanathan wrote: > > May be I'm missing some posting but I don't see if > > the patch was tested successfully. > > > Hi Julian > > I've had this patch being tested for the last 3-4 days in our regression rack > and I haven't seen the

Re: Use after free in __dst_destroy_metrics_generic

May be I'm missing some posting but I don't see if the patch was tested successfully. Regards -- Julian Anastasov Hi Julian I've had this patch being tested for the last 3-4 days in our regression rack and I haven't seen the same issue being reproduced or even a related crash or l

Re: Use after free in __dst_destroy_metrics_generic

Hello, On Fri, 15 Sep 2017, Eric Dumazet wrote: > On Fri, 2017-09-08 at 09:10 -0700, Cong Wang wrote: > > On Thu, Sep 7, 2017 at 5:52 PM, Subash Abhinov Kasiviswanathan > > wrote: > > > We are seeing a possible use after free in ip6_dst_destroy. > > > > > > It appears as if memory of th

Re: Use after free in __dst_destroy_metrics_generic

On Fri, 2017-09-08 at 09:10 -0700, Cong Wang wrote: > On Thu, Sep 7, 2017 at 5:52 PM, Subash Abhinov Kasiviswanathan > wrote: > > We are seeing a possible use after free in ip6_dst_destroy. > > > > It appears as if memory of the __DST_METRICS_PTR(old) was freed in some path > > and allocated > > t

Re: Use after free in __dst_destroy_metrics_generic

On 2017-09-08 10:10, Cong Wang wrote: On Thu, Sep 7, 2017 at 5:52 PM, Subash Abhinov Kasiviswanathan wrote: We are seeing a possible use after free in ip6_dst_destroy. It appears as if memory of the __DST_METRICS_PTR(old) was freed in some path and allocated to ion driver. ion driver has als

Re: Use after free in __dst_destroy_metrics_generic

On Fri, 2017-09-08 at 10:19 -0700, David Miller wrote: > From: Eric Dumazet > Date: Fri, 08 Sep 2017 10:16:53 -0700 > > > On Fri, 2017-09-08 at 09:10 -0700, Cong Wang wrote: > >> On Thu, Sep 7, 2017 at 5:52 PM, Subash Abhinov Kasiviswanathan > >> wrote: > >> > We are seeing a possible use after

Re: Use after free in __dst_destroy_metrics_generic

From: Eric Dumazet Date: Fri, 08 Sep 2017 10:16:53 -0700 > On Fri, 2017-09-08 at 09:10 -0700, Cong Wang wrote: >> On Thu, Sep 7, 2017 at 5:52 PM, Subash Abhinov Kasiviswanathan >> wrote: >> > We are seeing a possible use after free in ip6_dst_destroy. >> > >> > It appears as if memory of the __D

Re: Use after free in __dst_destroy_metrics_generic

On Fri, 2017-09-08 at 09:10 -0700, Cong Wang wrote: > On Thu, Sep 7, 2017 at 5:52 PM, Subash Abhinov Kasiviswanathan > wrote: > > We are seeing a possible use after free in ip6_dst_destroy. > > > > It appears as if memory of the __DST_METRICS_PTR(old) was freed in some path > > and allocated > > t

Re: Use after free in __dst_destroy_metrics_generic

On Fri, 8 Sep 2017 09:12:09 -0700 Cong Wang wrote: > On Thu, Sep 7, 2017 at 5:56 PM, Stefano Brivio wrote: > > On Thu, 07 Sep 2017 18:52:02 -0600 > > Subash Abhinov Kasiviswanathan wrote: > > > >> We are seeing a possible use after free in ip6_dst_destroy. > >> > >> It appears as if memory of

Re: Use after free in __dst_destroy_metrics_generic

On Thu, Sep 7, 2017 at 5:56 PM, Stefano Brivio wrote: > On Thu, 07 Sep 2017 18:52:02 -0600 > Subash Abhinov Kasiviswanathan wrote: > >> We are seeing a possible use after free in ip6_dst_destroy. >> >> It appears as if memory of the __DST_METRICS_PTR(old) was freed in some >> path and allocated >

Re: Use after free in __dst_destroy_metrics_generic

On Thu, Sep 7, 2017 at 5:52 PM, Subash Abhinov Kasiviswanathan wrote: > We are seeing a possible use after free in ip6_dst_destroy. > > It appears as if memory of the __DST_METRICS_PTR(old) was freed in some path > and allocated > to ion driver. ion driver has also freed it. Finally the memory is

Re: Use after free in __dst_destroy_metrics_generic

[ 3489.194392] __ion_alloc+0x180/0x988 I do not see the __ion_alloc function in my tree. Hi David This function seems to be defined in an Android specific change. https://android.googlesource.com/kernel/msm/+/20a5411d0115b16826f3d327b6abb0192c8a2001 -- Qualcomm Innovation Center, Inc. The

Re: Use after free in __dst_destroy_metrics_generic

From: Subash Abhinov Kasiviswanathan Date: Thu, 07 Sep 2017 18:52:02 -0600 > [ 3489.194392] __ion_alloc+0x180/0x988 I do not see the __ion_alloc function in my tree.

Re: Use after free in __dst_destroy_metrics_generic

Should be fixed by: commit ad65a2f05695aced349e308193c6e2a6b1d87112 Author: Wei Wang Date: Sat Jun 17 10:42:35 2017 -0700 ipv6: call dst_hold_safe() properly Thanks for the info Stefano. -- Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of Code Auror

Re: Use after free in __dst_destroy_metrics_generic

On Thu, 07 Sep 2017 18:52:02 -0600 Subash Abhinov Kasiviswanathan wrote: > We are seeing a possible use after free in ip6_dst_destroy. > > It appears as if memory of the __DST_METRICS_PTR(old) was freed in some > path and allocated > to ion driver. ion driver has also freed it. Finally the memo