On Fri, May 24, 2013 at 06:07:49PM +0200, Gerald Schaefer wrote: > In autogroup_create(), a tg is allocated and added to the task_groups > list. If CONFIG_RT_GROUP_SCHED is set, this tg is then modified while on > the list, without locking. This can race with someone walking the list, > like __enable_runtime() during CPU unplug, and result in a use-after-free > bug. > > To fix this, move sched_online_group(), which adds the tg to the list, > to the end of the autogroup_create() function after the modification. > > Signed-off-by: Gerald Schaefer <gerald.schae...@de.ibm.com>
Ah indeed, nice catch. Thanks! -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
