Andrei Vagin <avagin@xxxxxxxxx> writes:

> On Sun, Mar 05, 2017 at 03:41:06PM -0600, Eric W. Biederman wrote:
>>
>> Always increment/decrement ucount->count under the ucounts_lock. The
>> increments are there already and moving the decrements there means the
>> locking logic of the code is simpler. This simplification in the
>> locking logic fixes a race between put_ucounts and get_ucounts that
>> could result in a use-after-free because the count could go zero then
>> be found by get_ucounts and then be freed by put_ucounts.
>>
>> A bug, presumably this one, was found by a combination of syzkaller and
>> KASAN. JongWhan Kim reported the syzkaller failure and Dmitry Vyukov
>> spotted the race in the code.
>>
>
> Reviewed-by: Andrei Vagin <avagin@xxxxxxxxx>
>
> I think we can rework this in the future so that ucount will be rcu
> protected.

Agreed. Although I would like to see a benchmark that motivated that.
So far my impression is that all of these counts are in the noise.
Which is why I have aimed more at simplicity than the fastest possible
data structures.

Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
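A constructed C model of the fixed lifecycle described in the quoted patch description (an added example, not kernel code): refcounted entries on a lookup list, where the decrement, the zero test and the unlink all happen under the one lock, so a lookup can never observe a zero-count entry. The function names follow the quoted text; the singly linked list, the integer key and the atomic_flag spinlock are stand-ins for the kernel's hash table, (ns, uid) key and ucounts_lock.

```c
#include <stdatomic.h>
#include <stdlib.h>

struct ucounts {
    struct ucounts *next;  /* lookup list, stands in for the kernel's hash */
    int key;               /* constructed key, stands in for (ns, uid) */
    unsigned int count;    /* only read or written while holding the lock */
};

static struct ucounts *ucounts_list;
static atomic_flag ucounts_lock = ATOMIC_FLAG_INIT;  /* models the spinlock */
static void lock_ucounts(void)   { while (atomic_flag_test_and_set(&ucounts_lock)) {} }
static void unlock_ucounts(void) { atomic_flag_clear(&ucounts_lock); }

static struct ucounts *find_ucounts(int key)  /* caller holds ucounts_lock */
{
    for (struct ucounts *u = ucounts_list; u; u = u->next)
        if (u->key == key) return u;
    return NULL;
}

/* Find or create an entry and take a reference. Because put_ucounts() drops
 * its reference under the same lock, any entry found here has count > 0. */
struct ucounts *get_ucounts(int key)
{
    lock_ucounts();
    struct ucounts *u = find_ucounts(key);
    if (!u && (u = calloc(1, sizeof(*u))) != NULL) {
        u->key = key;
        u->next = ucounts_list;
        ucounts_list = u;
    }
    if (u) u->count++;
    unlock_ucounts();
    return u;
}

/* Drop a reference. Decrement, zero test and unlink are one critical section;
 * decrementing before taking the lock (the pre-fix shape) left the window in
 * which get_ucounts() could find a zero-count entry that was about to be freed. */
void put_ucounts(struct ucounts *u)
{
    lock_ucounts();
    if (--u->count == 0) {
        struct ucounts **pp = &ucounts_list;
        while (*pp != u) pp = &(*pp)->next;
        *pp = u->next;  /* unlink so no later lookup can reach it */
    } else {
        u = NULL;       /* still referenced, nothing to free */
    }
    unlock_ucounts();
    free(u);            /* unreachable now, so freeing unlocked is safe */
}
```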