summaryrefslogtreecommitdiff
path: root/tools/testing/radix-tree/main.c
diff options
context:
space:
mode:
authorMatthew Wilcox <mawilcox@microsoft.com>2017-03-03 20:16:10 +0300
committerMatthew Wilcox <mawilcox@microsoft.com>2017-03-07 21:18:23 +0300
commit4ecd9542dbc3e07f3bd3870aac12839f72b47db4 (patch)
tree1345c7ca57563006a0355bec1bbe689dd14ca67c /tools/testing/radix-tree/main.c
parent3f1b6f9d49ba5a209d745fa2448657d8b66ed0c0 (diff)
downloadlinux-4ecd9542dbc3e07f3bd3870aac12839f72b47db4.tar.xz
ida: Free correct IDA bitmap
There's a relatively rare race where we look at the per-cpu preallocated IDA bitmap, see it's NULL, allocate a new one, and atomically update it. If the kmalloc() happened to sleep and we were rescheduled to a different CPU, or an interrupt came in at the exact right time, another task might have successfully allocated a bitmap and already deposited it. I forgot what the semantics of cmpxchg() were and ended up freeing the wrong bitmap leading to KASAN reporting a use-after-free. Dmitry found the bug with syzkaller & wrote the patch. I wrote the test case that will reproduce the bug without his patch being applied. Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Diffstat (limited to 'tools/testing/radix-tree/main.c')
-rw-r--r--tools/testing/radix-tree/main.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/testing/radix-tree/main.c b/tools/testing/radix-tree/main.c
index b829127d5670..bc9a78449572 100644
--- a/tools/testing/radix-tree/main.c
+++ b/tools/testing/radix-tree/main.c
@@ -368,6 +368,7 @@ int main(int argc, char **argv)
iteration_test(0, 10 + 90 * long_run);
iteration_test(7, 10 + 90 * long_run);
single_thread_tests(long_run);
+ ida_thread_tests();
/* Free any remaining preallocated nodes */
radix_tree_cpu_dead(0);