When send_cpu_listeners() finds the orphaned listener it marks it as
!valid and drops listeners->sem. Before it takes this sem for writing,
s->pid can be reused and add_del_listener() can wrongly try to re-use
this entry.
Change add_del_listener() to check ->valid = T.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Vasiliy Kulikov <segoon@openwall.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
listeners = &per_cpu(listener_array, cpu);
down_write(&listeners->sem);
list_for_each_entry(s2, &listeners->list, list) {
- if (s2->pid == pid)
+ if (s2->pid == pid && s2->valid)
goto exists;
}
list_add(&s->list, &listeners->list);
projects / platform / kernel / linux-amlogic.git / commitdiff