| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Mar 2024 10:26:45 +0300
From: Dmitry Mastykin <dmastykin@...ralinux.ru>
To: corbet@....net,
linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org,
willy@...radead.org
Cc: mastichi@...il.com,
Dmitry Mastykin <dmastykin@...ralinux.ru>
Subject: [PATCH] docs: fix bug in "Krefs and RCU" example
There is a problem in "Krefs and RCU" example, that may cause a crash.
If list_del_rcu() will be called between these lines, and list will become
empty, then q.next will not point to a valid struct my_data.
entry->refcount will also be invalid.
Instead, q.next must be read first, and then compared with q to check
list's emptiness, like in list_first_or_null_rcu() macro.
Signed-off-by: Dmitry Mastykin <dmastykin@...ralinux.ru>
---
Documentation/core-api/kref.rst | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/Documentation/core-api/kref.rst b/Documentation/core-api/kref.rst
index c61eea6f1bf2..022bb1d1b968 100644
--- a/Documentation/core-api/kref.rst
+++ b/Documentation/core-api/kref.rst
@@ -290,13 +290,11 @@ locking for lookups in the above example::
static struct my_data *get_entry_rcu()
{
- struct my_data *entry = NULL;
+ struct my_data *entry;
rcu_read_lock();
- if (!list_empty(&q)) {
- entry = container_of(q.next, struct my_data, link);
- if (!kref_get_unless_zero(&entry->refcount))
- entry = NULL;
- }
+ entry = list_first_or_null_rcu(&q, struct my_data, link);
+ if (entry && !kref_get_unless_zero(&entry->refcount))
+ entry = NULL;
rcu_read_unlock();
return entry;
}
--
2.30.2
Powered by blists - more mailing lists