On Fri, Aug 24, 2018 at 4:37 PM, Sowmini Varadhan <sowmini.varadhan@xxxxxxxxxx> wrote:
> On (08/24/18 16:10), Dmitry Vyukov wrote:
>> You need a colon after dup.
>
> I see.
>
>> But this can't possibly be a dup of that bug. That bug was fixed in February:
>
> Apologies, I unknowingly made a mistake in my
> syzbot-tiquette in that case,
>
> I did not intend to *close* the bug as a dup, I was
> merely trying to indicate that this is yet another
> manifestation of the original report with subject
> "KASAN: use-after-free Read in rds_find_bound"
>
> All of these problems are happening because we are missing
> a synchronize_net() in rds_release.
>
> A full description of the race condition can be found in
> https://www.spinics.net/lists/netdev/msg475074.html
>
> If rds_release is going to nuke the rds_socket
> it needs to synchronize_net() with other threads that may be
> looking up the bind_hash_table. If we don't do that,
> all of these "use-after-free" races can happen.
> As long as we don't have the synchronize_net() we are
> missing a big (and standard) bit of RCU synchronization.

If it's a note for humans, then just a plain English comment will do.