From: guomin chen
When mm->owner is modified by exit_mm, if the new owner directly calls
unuse_mm to exit, it will cause Use-After-Free, because unuse_mm()
directly sets tsk->mm=NULL.
Under normal circumstances, when do_exit exits, mm->owner will
be updated on exit_mm(). But when the kernel
From: guomin chen
Under normal circumstances, when do_exit exits, mm->owner will
be updated on exit_mm(). But when the kernel process calls
unuse_mm() and then exits, mm->owner cannot be updated. And it
will point to a task that has been released.
Below is my issue on vhost_net:
A, B are
From: guominchen
Under normal circumstances, when do_exit exits, mm->owner will
be updated, but when the kernel process calls unuse_mm and exits,
mm->owner cannot be updated and will point to a task that has
been released.
Below is my issue on vhost_net:
A, B are two kernel process