On 27/03/2017 16:46, Dmitry Vyukov wrote:
>
> Paul McKenney writes:
>
> ===
> Hmmm... I am not seeing a call to cleanup_srcu_struct() for the
> ->track_srcu field of the kvm_page_track_notifier_head structure.
> Or is this structure immortal, so that it is never cleaned up?
> Or am I just blind this morning?
>
> In any case, freeing the kvm_page_track_notifier_head structure
> without first invoking cleanup_srcu_struct() on its ->track_srcu
> srcu_struct field could easily result in a use-after-free bug.
> ===
>
> I also don't see cleanup of page track srcu.

Thanks, will take a look and fix.

Paolo