Searched hist:"73d20564e0dcae003e0d79977f044d5e57496304" (Results 1 – 2 of 2) sorted by relevance
/openbmc/linux/include/linux/
irqflags.h | diff 73d20564e0dcae003e0d79977f044d5e57496304 Tue Mar 31 15:18:49 CDT 2020 Sebastian Andrzej Siewior <bigeasy@linutronix.de> hrtimer: Don't dereference the hrtimer pointer after the callback
A hrtimer can be released in its callback, but lockdep_hrtimer_exit() dereferences the pointer after the callback returns, i.e. a potential use after free.
Retrieve the context in which the hrtimer expires before the callback is invoked and use it in lockdep_hrtimer_exit().
Fixes: 40db173965c0 ("lockdep: Add hrtimer context tracing bits")
Reported-by: syzbot+62c155c276e580cfb606@syzkaller.appspotmail.com
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20200331201849.fkp2siy3vcdqvqlz@linutronix.de
/openbmc/linux/kernel/time/
hrtimer.c | diff 73d20564e0dcae003e0d79977f044d5e57496304 Tue Mar 31 15:18:49 CDT 2020 Sebastian Andrzej Siewior <bigeasy@linutronix.de> hrtimer: Don't dereference the hrtimer pointer after the callback