On Thu, Sep 12, 2013 at 08:42:18PM +0800, Hillf Danton wrote:
> Hello Mel
>
> On Tue, Sep 10, 2013 at 5:32 PM, Mel Gorman <mgorman@xxxxxxx> wrote:
> >
> > +void task_numa_free(struct task_struct *p)
> > +{
> > + struct numa_group *grp = p->numa_group;
> > + int i;
> > +
> > + kfree(p->numa_faults);
> > +
> > + if (grp) {
> > + for (i = 0; i < 2*nr_node_ids; i++)
> > + atomic_long_sub(p->numa_faults[i], &grp->faults[i]);
> > +
> use after free, numa_faults ;/
>
It gets fixed in the patch "sched: numa: use group fault statistics in
numa placement" but I agree that it's the wrong place to fix it.
--
Mel Gorman
SUSE Labs
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>