    [IA64] perfmon use-after-free fix · 41d5e5d7
    Nick Piggin authored
    Perfmon associates vmalloc()ed memory with a file descriptor, and installs
    a vma mapping that memory.  Unfortunately, the vm_file field is not filled
    in, so processes with mappings to that memory do not prevent the file from
    being closed and the memory freed.  This results in use-after-free bugs and
    multiple freeing of pages, etc.
    
    I saw this bug on an Altix on SLES9.  Haven't reproduced upstream but it
    looks like the same issue is there.
    Signed-off-by: Nick Piggin <npiggin@suse.de>
    Cc: Stephane Eranian <eranian@hpl.hp.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Tony Luck <tony.luck@intel.com>
perfmon.c 169 KB
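
The lifetime problem the commit message describes, as an added userspace model that is not code from the commit or from perfmon.c: a mapping that does not record its file in `vm_file` holds no reference, so closing the descriptor frees the buffer while the mapping still exists. All names here (`model_file`, `model_vma`, `map_buffer`, `buffer_live_after_close`) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; these are not the kernel's structures. */
struct model_file {
    int  refs;      /* stands in for the struct file reference count */
    bool buf_live;  /* true while the vmalloc()ed buffer is allocated */
};

struct model_vma {
    struct model_file *vm_file; /* NULL models the unfixed mapping */
};

/* Dropping the last reference runs the release path and frees the buffer. */
static void file_put(struct model_file *f)
{
    if (--f->refs == 0)
        f->buf_live = false;
}

/* Install the mapping; pin_file=true models filling in vm_file. */
static void map_buffer(struct model_vma *vma, struct model_file *f, bool pin_file)
{
    vma->vm_file = NULL;
    if (pin_file) {
        f->refs++;          /* the mapping now holds its own reference */
        vma->vm_file = f;
    }
}

/* Is the buffer still allocated after close(fd) while the mapping exists? */
static bool buffer_live_after_close(bool pin_file)
{
    struct model_file f = { .refs = 1, .buf_live = true }; /* fd holds one ref */
    struct model_vma vma;
    map_buffer(&vma, &f, pin_file);
    file_put(&f);                   /* close(fd) */
    bool live = f.buf_live;         /* false: mapping now points at freed memory */
    if (vma.vm_file)
        file_put(vma.vm_file);      /* munmap drops the mapping's reference */
    return live;
}

int main(void)
{
    printf("vm_file unset: buffer live = %d\n", buffer_live_after_close(false));
    printf("vm_file set:   buffer live = %d\n", buffer_live_after_close(true));
    return 0;
}
```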