[PATCH 0/2] mm/kmemleak: Simplify kmemleak_cond_resched() & fix UAF

Waiman Long posted 2 patches 2 years, 9 months ago
There is a newer version of this series
It was found that a KASAN use-after-free error was reported in the
kmemleak_scan() function. After further examination, it is believed
that even though a reference is taken from the current object, it does
not prevent the object pointed to by the next pointer from going away
after a cond_resched(). So the heuristic is now changed to restart
scanning from the beginning of object_list in case the current object
is no longer in the object_list, i.e. OBJECT_ALLOCATED flag not set.

While making the change, I also simplify the current usage of
kmemleak_cond_resched() to make it easier to understand.

Waiman Long (2):
  mm/kmemleak: Simplify kmemleak_cond_resched() usage
  mm/kmemleak: Fix UAF bug in kmemleak_scan()

 mm/kmemleak.c | 59 ++++++++++++++++++++-------------------------------
 1 file changed, 23 insertions(+), 36 deletions(-)

-- 
2.31.1
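A user-space C model of the restart heuristic the cover letter describes, added here as an example and not taken from mm/kmemleak.c or from this series: the scanner pins only the current object across a simulated scheduling point, a constructed "concurrent" context (driven by victim_id) unlinks that object and frees its successor, and the scan restarts from the head of object_list whenever OBJECT_ALLOCATED is no longer set instead of following the now-dangling next pointer. The struct, delete_object(), cond_resched_model() and run_scan_model() are simplified stand-ins, not the kernel's definitions.

```c
#include <stdbool.h>
#include <stdlib.h>
#define OBJECT_ALLOCATED 1u
#define NOBJ 5
struct object { unsigned flags; int id; int refcount; struct object *next; };
static struct object *object_list;   /* head of the live-object list */
static int victim_id = -1;           /* constructed: object a "concurrent" context deletes */
static int visited[NOBJ];            /* how often the scan reached each id */
/* Unlink obj; as in the kernel, memory is released only when the last reference drops. */
static void delete_object(struct object *obj) {
    for (struct object **pp = &object_list; *pp; pp = &(*pp)->next)
        if (*pp == obj) { *pp = obj->next; break; }
    obj->flags &= ~OBJECT_ALLOCATED;
    if (--obj->refcount == 0) free(obj);
}
/* Model of kmemleak_cond_resched(): pin only the current object across the scheduling point, then report whether it is still on object_list. */
static bool cond_resched_model(struct object *cur) {
    cur->refcount++;                              /* get_object() */
    if (cur->id == victim_id) {                   /* another context runs here */
        struct object *next = cur->next;
        delete_object(cur);                       /* unlinked, alive only via our ref */
        if (next) delete_object(next);            /* freed: cur->next now dangles */
    }
    bool still_listed = cur->flags & OBJECT_ALLOCATED;
    if (--cur->refcount == 0) free(cur);          /* put_object() */
    return still_listed;
}
/* Scan every object, restarting from the list head if the current one was removed at the scheduling point; returns the visit count. */
static int scan_objects(void) {
    int visits = 0;
restart:
    for (struct object *obj = object_list; obj; obj = obj->next) {
        visited[obj->id]++; visits++;
        if (!cond_resched_model(obj)) goto restart; /* obj->next must not be read */
    }
    return visits;
}
/* Build NOBJ objects with ids 0..NOBJ-1, scan once, then tear everything down. */
static int run_scan_model(int victim) {
    victim_id = victim; object_list = NULL;
    for (int i = NOBJ - 1; i >= 0; i--) {
        struct object *o = calloc(1, sizeof *o); if (!o) abort();
        o->flags = OBJECT_ALLOCATED; o->id = i; o->refcount = 1;
        o->next = object_list; object_list = o; visited[i] = 0;
    }
    int visits = scan_objects();
    while (object_list) delete_object(object_list);
    return visits;
}
```

With victim_id set to 2, objects 2 and 3 disappear mid-scan; the restart revisits 0 and 1 and then reaches 4 without ever dereferencing the freed successor, so run_scan_model(2) returns 6 visits and visited[3] stays 0.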