[Devel] [PATCH rh7 v2] tcache: fix use-after-free in tcache_invalidate_node_pages()
Andrey Ryabinin
aryabinin at virtuozzo.com
Wed Dec 9 01:57:33 PST 2015
On 12/09/2015 12:55 PM, Vladimir Davydov wrote:
>> + /*
>> + * Restart iteration over the radix tree, because the
>> + * current node could have been freed when we dropped
>> + * the lock.
>> + */
>> + index = page->index + 1;
>
> We released the page, so its ->index might be irrelevant. We must read
> it before calling put_page.
>
I think, I'll change it to index = iter.index + 1;
More information about the Devel
mailing list