On 29/03/2023 01:48, Umesh Nerlige Ramappa wrote:
On Tue, Mar 28, 2023 at 02:08:47PM +0100, Tvrtko Ursulin wrote:
On 28/03/2023 10:36, Min Li wrote:
Userspace can guess the id value and try to race oa_config object
creation
with config remove, resulting in a use-after-free if we dereference
Userspace can guess the id value and try to race oa_config object creation
with config remove, resulting in a use-after-free if we dereference the
object after unlocking the metrics_lock. For that reason, unlocking the
metrics_lock must be done after we are done dereferencing the object.
Signed-o
On Tue, Mar 28, 2023 at 02:08:47PM +0100, Tvrtko Ursulin wrote:
On 28/03/2023 10:36, Min Li wrote:
Userspace can guess the id value and try to race oa_config object creation
with config remove, resulting in a use-after-free if we dereference the
object after unlocking the metrics_lock. For tha
On Tue, Mar 28, 2023 at 05:36:27PM +0800, Min Li wrote:
> Userspace can guess the id value and try to race oa_config object creation
> with config remove, resulting in a use-after-free if we dereference the
> object after unlocking the metrics_lock. For that reason, unlocking the
> metrics_lock mu
Hi Min,
On Tue, Mar 28, 2023 at 05:36:27PM +0800, Min Li wrote:
> Userspace can guess the id value and try to race oa_config object creation
> with config remove, resulting in a use-after-free if we dereference the
> object after unlocking the metrics_lock. For that reason, unlocking the
> metric
On 28/03/2023 10:36, Min Li wrote:
Userspace can guess the id value and try to race oa_config object creation
with config remove, resulting in a use-after-free if we dereference the
object after unlocking the metrics_lock. For that reason, unlocking the
metrics_lock must be done after we are d
