On Thu, 21 Apr 2022 09:21:06 +1000 Alistair Popple <apopple@xxxxxxxxxx> wrote:

> >> As the wait_event() condition is true it will return immediately. This
> >> can lead to use-after-free type errors if the caller frees the data
> >> structure containing the interval notifier subscription while it is
> >> still on a deferred list. Fix this by taking the appropriate lock when
> >> reading invalidate_seq to ensure proper synchronisation.
> >>
> >> ...
> >>
> >> Fixes: 99cb252f5e68 ("mm/mmu_notifier: add an interval tree notifier")
> >
> > Do you think this fix should be backported into older kernels?
>
> Yes, I forgot to cc stable sorry.

So we have actually seen these use-after-free errors? Some description
of the end-user visible impact is always helpful when deciding which
trees need a patch.

> Do you want me to resend with
> 'Cc: stable@xxxxxxxxxxxxxxx'?

Thanks, I added that.