Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-13 17:28:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

perfcounters: fix use after free in perf_release()

Browse Source 
running...

  while true; do
    foo -d 1 -f 1 -c 100000 & sleep 1
    kerneltop -d 1 -f 1 -e 1 -c 25000 -p `pidof foo`
  done

  while true; do
    killall foo; killall kerneltop; sleep 2
  done

...in two shells with SLUB_DEBUG enabled produces flood of:
BUG task_struct: Poison overwritten.

Fix the use-after-free bug in perf_release().

Signed-off-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
This commit is contained in:
Mike Galbraith 2009-02-11 10:53:37 +01:00 committed by Ingo Molnar
parent ffc0467293
commit 5af759176c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/perf_counter.c
View File

@ -1145,12 +1145,12 @@ static int perf_release(struct inode *inode, struct file *file)
mutex_lock(&counter->mutex); mutex_lock(&counter->mutex);
perf_counter_remove_from_context(counter); perf_counter_remove_from_context(counter);
put_context(ctx);
mutex_unlock(&counter->mutex); mutex_unlock(&counter->mutex);
mutex_unlock(&ctx->mutex); mutex_unlock(&ctx->mutex);
kfree(counter); kfree(counter);
put_context(ctx);
return 0; return 0;
} }