On Thu, Sep 17, 2015 at 11:17 AM, Dmitry Vyukov <[email protected]> wrote:
> tty_buffer_flush frees not acquired buffers.
> As the result, for example, read of b->size in tty_buffer_free
> can return garbage value which will lead to a huge buffer
> hanging in the freelist. This is just the benignest
> manifestation of freeing of a not acquired object.
> If the object is passed to kfree, heap can be corrupted.
>
> Acquire visibility over the buffer before freeing it.
>
> The data race was found with KernelThreadSanitizer (KTSAN).

Reviewed-by: Peter Hurley <[email protected]>
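
The acquire-before-free pattern the quoted commit message describes, as an added userspace example in C11 atomics; it is not the kernel patch or code from this thread. The struct and function names (buf, buf_alloc, buf_append, buf_flush, demo) are hypothetical, and the model assumes a single producer that stops writing to a buffer once it has linked the next one.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical model of a buffer chain; not the kernel's structures. */
struct buf {
    size_t size;                 /* plain field, set at allocation */
    size_t used;                 /* plain field, written by the producer */
    _Atomic(struct buf *) next;  /* link, published by the producer */
};

static struct buf *buf_alloc(size_t size)
{
    struct buf *b = malloc(sizeof(*b));
    if (!b)
        abort();
    b->size = size;
    b->used = 0;
    atomic_init(&b->next, NULL);
    return b;
}

/* Producer: finish every write to 'tail', then link 'n' with release. */
static struct buf *buf_append(struct buf *tail, size_t used, struct buf *n)
{
    tail->used = used;
    atomic_store_explicit(&tail->next, n, memory_order_release);
    return n;
}

/* Flusher: frees all buffers but the last; returns the sum of freed sizes.
 * The acquire load pairs with the release store above, so a non-NULL 'next'
 * means the producer's writes to *head are visible before it is freed. */
static size_t buf_flush(struct buf **head)
{
    size_t freed = 0;
    struct buf *next;
    while ((next = atomic_load_explicit(&(*head)->next, memory_order_acquire))) {
        freed += (*head)->size;
        free(*head);
        *head = next;
    }
    return freed;
}

/* Constructed sample: a chain of 16, 32 and 64 byte buffers. */
static size_t demo(size_t *last_size)
{
    struct buf *head = buf_alloc(16);
    buf_append(buf_append(head, 16, buf_alloc(32)), 8, buf_alloc(64));
    size_t freed = buf_flush(&head);
    *last_size = head->size;
    free(head);
    return freed;
}

int main(void) { size_t last; return demo(&last) == 48 ? 0 : 1; }
```

With a relaxed or plain load of next in buf_flush, nothing orders the flusher's read of size and the free after the producer's final writes to that buffer, which is the kind of race a thread sanitizer reports.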

