Re: [syzbot] KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Pavel Skripkin <paskripkin@xxxxxxxxx> wrote:
> Dumb question: why per_cpu() will return 2 different pointers for CPU 1 and
> CPU 0? As I understand for_each_possible_cpu() will iterate over all
> CPUs which could ever be enabled. So, we can hit situation when 2 concurrent
> processes call per_cpu() with same cpu value (*).

Yes, that is what I was trying to say, the race is that we can have > 1
processes here ever since the global transaction mutex was removed in 2018.

> Anyway, I think, moving locking a bit higher is good here, let's test it. I
> will prepare a patch, if it will pass syzbot testing, thanks!

It looks correct to me, thanks.

[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux