KASAN: use-after-free Read in task_is_descendant
Oleg Nesterov
oleg at redhat.com
Thu Oct 25 16:25:54 UTC 2018
On 10/25, Oleg Nesterov wrote:
>
> Because our rcu read-lock critical section extends beyond the return from
> synchronize_rcu(), and thus we must have a full memory barrier _between_
> that synchronize_rcu() and our rcu_read_lock(). We must see all memory updates,
> including thread_pid = NULL which makes pid_alive() == F.
In case I was not clear....
Suppose we have int X = 0. If some CPU does
X = 1;
synchronize_rcu();
and another CPU does
rcu_read_lock();
x = X;
rcu_read_unlock();
then x should be == 1 in case when rcu_read_unlock() happens _after_ return
from synchronize_rcu().
Oleg.
More information about the Linux-security-module-archive
mailing list