https://github.com/torvalds/linux
Revision e77b89f13a0d48aea70b69976e854f2a2444a519 authored by Dmitry Monakhov on 04 October 2009, 20:38:55 UTC, committed by Dave Jones on 18 November 2009, 04:15:04 UTC
Currently on governer backup/restore path we storing governor's pointer. This is wrong because one may unload governor's module after cpu goes offline. As result use-after-free will take place on restored cpu. It is not easy to exploit this bug, but still we have to close this issue ASAP. Issue was introduced by following commit 084f34939424161669467c19280dbcf637730314 ##TESTCASE## #!/bin/sh -x modprobe acpi_cpufreq # Any non default governor, in may case it is "ondemand" modprobe cpufreq_ondemand echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor rmmod acpi_cpufreq rmmod cpufreq_ondemand modprobe acpi_cpufreq # << use-after-free here. Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> Signed-off-by: Dave Jones <davej@redhat.com>
1 parent 293afe4
Tip revision: e77b89f13a0d48aea70b69976e854f2a2444a519 authored by Dmitry Monakhov on 04 October 2009, 20:38:55 UTC
[CPUFREQ] Fix use after free on governor restore
[CPUFREQ] Fix use after free on governor restore
Tip revision: e77b89f
File | Mode | Size |
---|---|---|
async_tx | ||
Kconfig | -rw-r--r-- | 22.9 KB |
Makefile | -rw-r--r-- | 3.0 KB |
ablkcipher.c | -rw-r--r-- | 9.9 KB |
aead.c | -rw-r--r-- | 12.6 KB |
aes_generic.c | -rw-r--r-- | 61.9 KB |
ahash.c | -rw-r--r-- | 12.1 KB |
algapi.c | -rw-r--r-- | 19.0 KB |
algboss.c | -rw-r--r-- | 6.2 KB |
ansi_cprng.c | -rw-r--r-- | 9.6 KB |
anubis.c | -rw-r--r-- | 27.8 KB |
api.c | -rw-r--r-- | 13.4 KB |
arc4.c | -rw-r--r-- | 2.0 KB |
authenc.c | -rw-r--r-- | 19.4 KB |
blkcipher.c | -rw-r--r-- | 18.6 KB |
blowfish.c | -rw-r--r-- | 17.5 KB |
camellia.c | -rw-r--r-- | 35.1 KB |
cast5.c | -rw-r--r-- | 34.1 KB |
cast6.c | -rw-r--r-- | 21.5 KB |
cbc.c | -rw-r--r-- | 7.4 KB |
ccm.c | -rw-r--r-- | 21.5 KB |
chainiv.c | -rw-r--r-- | 8.6 KB |
cipher.c | -rw-r--r-- | 3.3 KB |
compress.c | -rw-r--r-- | 1.3 KB |
crc32c.c | -rw-r--r-- | 8.0 KB |
cryptd.c | -rw-r--r-- | 18.9 KB |
crypto_null.c | -rw-r--r-- | 4.9 KB |
crypto_wq.c | -rw-r--r-- | 896 bytes |
ctr.c | -rw-r--r-- | 10.8 KB |
cts.c | -rw-r--r-- | 9.8 KB |
deflate.c | -rw-r--r-- | 5.5 KB |
des_generic.c | -rw-r--r-- | 35.4 KB |
digest.c | -rw-r--r-- | 5.7 KB |
ecb.c | -rw-r--r-- | 4.9 KB |
eseqiv.c | -rw-r--r-- | 6.7 KB |
fcrypt.c | -rw-r--r-- | 18.0 KB |
fips.c | -rw-r--r-- | 705 bytes |
gcm.c | -rw-r--r-- | 26.6 KB |
gf128mul.c | -rw-r--r-- | 13.2 KB |
ghash-generic.c | -rw-r--r-- | 3.7 KB |
hash.c | -rw-r--r-- | 4.8 KB |
hmac.c | -rw-r--r-- | 6.9 KB |
internal.h | -rw-r--r-- | 3.9 KB |
khazad.c | -rw-r--r-- | 51.8 KB |
krng.c | -rw-r--r-- | 1.5 KB |
lrw.c | -rw-r--r-- | 7.6 KB |
lzo.c | -rw-r--r-- | 2.5 KB |
md4.c | -rw-r--r-- | 6.1 KB |
md5.c | -rw-r--r-- | 7.2 KB |
michael_mic.c | -rw-r--r-- | 3.6 KB |
pcbc.c | -rw-r--r-- | 7.7 KB |
pcompress.c | -rw-r--r-- | 2.5 KB |
proc.c | -rw-r--r-- | 4.0 KB |
ripemd.h | -rw-r--r-- | 974 bytes |
rmd128.c | -rw-r--r-- | 10.1 KB |
rmd160.c | -rw-r--r-- | 12.6 KB |
rmd256.c | -rw-r--r-- | 10.5 KB |
rmd320.c | -rw-r--r-- | 13.0 KB |
rng.c | -rw-r--r-- | 2.8 KB |
salsa20_generic.c | -rw-r--r-- | 6.7 KB |
scatterwalk.c | -rw-r--r-- | 2.9 KB |
seed.c | -rw-r--r-- | 17.4 KB |
seqiv.c | -rw-r--r-- | 8.5 KB |
serpent.c | -rw-r--r-- | 19.8 KB |
sha1_generic.c | -rw-r--r-- | 3.4 KB |
sha256_generic.c | -rw-r--r-- | 12.2 KB |
sha512_generic.c | -rw-r--r-- | 8.8 KB |
shash.c | -rw-r--r-- | 16.1 KB |
tcrypt.c | -rw-r--r-- | 20.0 KB |
tcrypt.h | -rw-r--r-- | 2.3 KB |
tea.c | -rw-r--r-- | 7.1 KB |
testmgr.c | -rw-r--r-- | 51.4 KB |
testmgr.h | -rw-r--r-- | 309.6 KB |
tgr192.c | -rw-r--r-- | 30.8 KB |
twofish.c | -rw-r--r-- | 6.3 KB |
twofish_common.c | -rw-r--r-- | 37.7 KB |
vmac.c | -rw-r--r-- | 17.9 KB |
wp512.c | -rw-r--r-- | 60.1 KB |
xcbc.c | -rw-r--r-- | 7.2 KB |
xor.c | -rw-r--r-- | 3.8 KB |
xts.c | -rw-r--r-- | 7.1 KB |
zlib.c | -rw-r--r-- | 9.5 KB |
![swh spinner](/static/img/swh-spinner.gif)
Computing file changes ...