[lvc-project] [PATCH 1/3] net: sched: fix use-after-free in taprio_change()
Jakub Kicinski
kuba at kernel.org
Thu Aug 8 05:33:52 MSK 2024
On Wed, 7 Aug 2024 13:39:41 +0300 Dmitry Antipov wrote:
> In 'taprio_change()', 'admin' pointer may become dangling due to sched
> switch / removal caused by 'advance_sched()', and critical section
> protected by 'q->current_entry_lock' is too small to prevent from such
> a scenario (which causes use-after-free detected by KASAN). Fix this
> by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update
> 'admin' immediately before an attempt to schedule freeing.
>
> Fixes: a3d43c0d56f1 ("taprio: Add support adding an admin schedule")
> Reported-by: syzbot+b65e0af58423fc8a73aa at syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa
> Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
No need to repost (yet?) but quick process note, please err on the side
of incrementing patch versions, this should be a v2 even if only diff
is that there are new patches. The version is for the _series_.
https://lore.kernel.org/all/20240805135145.37604-1-dmantipov@yandex.ru/
More information about the lvc-project
mailing list