mm: zcache: fix use after free in zcache_store_page · 91212fa8e0 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

mm: zcache: fix use after free in zcache_store_page

There is a chance of zbud handle being used after a free.
Unable to handle kernel paging request at virtual address ffffffc05be72040
PC is at zcache_store_page+0x59c/0x618
LR is at zcache_store_page+0x59c/0x618
[<ffffffc00019c99c>] zcache_store_page+0x59c/0x618
[<ffffffc0001a70c4>] __cleancache_put_page+0x94/0xcc
[<ffffffc00015da4c>] __delete_from_page_cache+0xc0/0x2cc
[<ffffffc00016d230>] __remove_mapping+0xe4/0x128
[<ffffffc00016e750>] shrink_page_list+0x634/0x95c
[<ffffffc00016f32c>] shrink_inactive_list+0x41c/0x67c
[<ffffffc00016fc14>] shrink_lruvec+0x364/0x510
[<ffffffc00016fe10>] shrink_zone+0x50/0x12c
[<ffffffc000170278>] try_to_free_pages+0x38c/0x56c
[<ffffffc000164e4c>] __alloc_pages_nodemask+0x5e0/0x994
[<ffffffc000165214>] __get_free_pages+0x14/0x60

CRs-Fixed: 968859
Change-Id: I24f6cf8ccbac956d4c3114e70a9f94f5e3bfa1c8
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

This commit is contained in:

Vinayak Menon

2016-01-28 19:00:15 +05:30

• committed by

David Keitel

parent f4066d1c08

commit 91212fa8e0

1 changed files with 1 additions and 0 deletions

									
										1

mm/zcache.c
									
										View file
										
				@ -687,6 +687,7 @@ zero:

						zcache_store_failed++;

						if (!zero)

							zbud_free(zpool->pool, zaddr);

						return;

					}

					/* update stats */