Re: KASAN: use-after-free Read in __list_add_valid (5)

From: Eric Biggers
Date: Wed Jul 04 2018 - 19:26:45 EST

Next message: Jonathan Maxwell: "Re: [net-next,v2] tcp: Improve setsockopt() TCP_USER_TIMEOUT accuracy"
Previous message: Rafael J. Wysocki: "Re: [PATCH 2/2] device core: Add flag to autoremove device link on supplier unbind"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 15, 2018 at 01:49:23PM -0700, Roland Dreier wrote:
> > Still reproducible on Linus' tree (commit 66e1c94db3cd4e) and on linux-next
> > (next-20180511). Here's a simplified reproducer:
>
> Thanks! That's a fantastic test case.
>
> The issue is a race where rdma_listen() sees invalid state in the
> middle of an rdma_bind_addr() call that will ultimately fail. I'll
> send a proposed patch shortly.
>
> - R.

Ping; there's still no fix merged for this. The reproducer also works as an
unprivileged user.

- Eric

Next message: Jonathan Maxwell: "Re: [net-next,v2] tcp: Improve setsockopt() TCP_USER_TIMEOUT accuracy"
Previous message: Rafael J. Wysocki: "Re: [PATCH 2/2] device core: Add flag to autoremove device link on supplier unbind"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]