Re: timerfd: use-after-free in timerfd_remove_cancel

From: Thomas Gleixner
Date: Tue Jan 31 2017 - 06:45:25 EST

Next message: Yuriy Kolerov: "[PATCH v2 0/4] Use build registers for getting numbers of interrupts"
Previous message: Qatif Oil Grroup Of Companies.: "Did you get my message this time?"
In reply to: Thomas Gleixner: "Re: timerfd: use-after-free in timerfd_remove_cancel"
Next in thread: Dmitry Vyukov: "Re: timerfd: use-after-free in timerfd_remove_cancel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 31 Jan 2017, Thomas Gleixner wrote:

> On Mon, 30 Jan 2017, Dmitry Vyukov wrote:
> >
> > Seems that ctx->might_cancel is racy.
>
> Yes, it is. Fix below.

And the fix is racy as well. Darn, we really need to lock the context to
avoid that mess.

Next message: Yuriy Kolerov: "[PATCH v2 0/4] Use build registers for getting numbers of interrupts"
Previous message: Qatif Oil Grroup Of Companies.: "Did you get my message this time?"
In reply to: Thomas Gleixner: "Re: timerfd: use-after-free in timerfd_remove_cancel"
Next in thread: Dmitry Vyukov: "Re: timerfd: use-after-free in timerfd_remove_cancel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]