diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2020-07-24 20:12:53 +1000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-07-28 17:09:49 -0700 |
commit | 1748f6a2cbc4694523f16da1c892b59861045b9d (patch) | |
tree | b1eb0a67f3fd4c1ce0c4a8dff9ebca4bad1ace15 /lib/timerqueue.c | |
parent | 19016d93bfc335f0c158c0d9e3b9d06c4dd53d39 (diff) |
rhashtable: Fix unprotected RCU dereference in __rht_ptr
The rcu_dereference call in rht_ptr_rcu is completely bogus because
we've already dereferenced the value in __rht_ptr and operated on it.
This causes potential double readings which could be fatal. The RCU
dereference must occur prior to the comparison in __rht_ptr.
This patch changes the order of RCU dereference so that it is done
first and the result is then fed to __rht_ptr. The RCU marking
changes have been minimised using casts which will be removed in
a follow-up patch.
Fixes: ba6306e3f648 ("rhashtable: Remove RCU marking from...")
Reported-by: "Gong, Sishuai" <sishuai@purdue.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib/timerqueue.c')
0 files changed, 0 insertions, 0 deletions