Re: net/rds: use-after-free in inet_create

From: Sowmini Varadhan
Date: Tue Feb 28 2017 - 11:41:48 EST

Next message: Bartosz Golaszewski: "[PATCH v3 3/4] ARM: dts: da850-evm: add the UI expander node"
Previous message: Anatolij Gustschin: "[PATCH v4 0/2] Xilinx Slave Serial FPGA Manager"
In reply to: Dmitry Vyukov: "Re: net/rds: use-after-free in inet_create"
Next in thread: Dmitry Vyukov: "Re: net/rds: use-after-free in inet_create"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On (02/28/17 17:32), Dmitry Vyukov wrote:
> Not reproducible so far.
>
> rds is compiled into kernel (no modules):
> CONFIG_RDS=y
> CONFIG_RDS_TCP=y

I see. So if it never gets unloaded, the rds_connections "should"
be around forever.. let me inspect code and see if I spot some
race-window..

> Also fuzzer actively creates and destroys namespaces.
> Yes, I don't see socket(0x15) in the log. Probably it was truncated.

I see. May be useful if we coudl get a crash dump to see what
other threads were going on (might give a hint about which threads
were racing). I'll try reproducing this at my end too.

--Sowmini

Next message: Bartosz Golaszewski: "[PATCH v3 3/4] ARM: dts: da850-evm: add the UI expander node"
Previous message: Anatolij Gustschin: "[PATCH v4 0/2] Xilinx Slave Serial FPGA Manager"
In reply to: Dmitry Vyukov: "Re: net/rds: use-after-free in inet_create"
Next in thread: Dmitry Vyukov: "Re: net/rds: use-after-free in inet_create"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]