On Fri, 6 Jun 2014, Andrey Ryabinin wrote: > While working address sanitizer for kernel I've discovered use-after-free > bug in __put_anon_vma. > For the last anon_vma, anon_vma->root freed before child anon_vma. > Later in anon_vma_free(anon_vma) we are referencing to already freed anon_vma->root > to check rwsem. > This patch puts freeing of child anon_vma before freeing of anon_vma->root. > > Cc: <stable@xxxxxxxxxxxxxxx> # v3.0+ > Signed-off-by: Andrey Ryabinin <a.ryabinin@xxxxxxxxxxx> Acked-by: David Rientjes <rientjes@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html