[LTP] [PATCH] syscalls/setsockopt09: Add another linux git
xuyang2018.jy@fujitsu.com
xuyang2018.jy@fujitsu.com
Thu Mar 3 10:11:29 CET 2022
Hi All
> On centos7.9ga, I still hit another crash problem because of use-after-free in
> prb_retire_rx_blk_timer_expired(). Since we free it when timer expired, so this
Using free is incorrect, should modify as below:
Since we still use the freed resource when timer expired
Best Regards
Yang Xu
> case will crash after we print TPASS info.
>
> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com>
> ---
> testcases/kernel/syscalls/setsockopt/setsockopt09.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt09.c b/testcases/kernel/syscalls/setsockopt/setsockopt09.c
> index 2fc66ebbc..62c6dea07 100644
> --- a/testcases/kernel/syscalls/setsockopt/setsockopt09.c
> +++ b/testcases/kernel/syscalls/setsockopt/setsockopt09.c
> @@ -19,6 +19,17 @@
> *
> * net/packet: rx_owner_map depends on pg_vec
> *
> + * It also triggers another use-after-free problem in
> + * prb_retire_rx_blk_timer_expired.
> + *
> + * Kernel crash fixed in:
> + *
> + * commit c800aaf8d869f2b9b47b10c5c312fe19f0a94042
> + * Author: WANG Cong<xiyou.wangcong@gmail.com>
> + * Date: Mon Jul 24 10:07:32 2017 -0700
> + *
> + * packet: fix use-after-free in prb_retire_rx_blk_timer_expired()
> + *
> */
>
> #define _GNU_SOURCE
> @@ -110,6 +121,7 @@ static struct tst_test test = {
> NULL,
> },
> .tags = (const struct tst_tag[]) {
> + {"linux-git", "c800aaf8d869"},
> {"linux-git", "ec6af094ea28"},
> {"CVE", "2021-22600"},
> {}
More information about the ltp
mailing list