slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - kernel

diff options

author	Hao Ge <[email protected]>	2025-10-21 01:03:53 +0000
committer	Vlastimil Babka <[email protected]>	2025-10-21 13:25:39 +0000
commit	6ed8bfd24ce1cb31742b09a3eb557cd008533eec (patch)
tree	f0810ef66185707c7a1fa1014b87906069775810 /lib/mpi/mpi-scan.c
parent	slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL (diff)
download	kernel-6ed8bfd24ce1cb31742b09a3eb557cd008533eec.tar.gz kernel-6ed8bfd24ce1cb31742b09a3eb557cd008533eec.zip

slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts

If two competing threads enter alloc_slab_obj_exts() and one of them fails to allocate the object extension vector, it might override the valid slab->obj_exts allocated by the other thread with OBJEXTS_ALLOC_FAIL. This will cause the thread that lost this race and expects a valid pointer to dereference a NULL pointer later on. Update slab->obj_exts atomically using cmpxchg() to avoid slab->obj_exts overrides by racing threads. Thanks for Vlastimil and Suren's help with debugging. Fixes: f7381b911640 ("slab: mark slab->obj_exts allocation failures unconditionally") Cc: <[email protected]> Suggested-by: Suren Baghdasaryan <[email protected]> Signed-off-by: Hao Ge <[email protected]> Reviewed-by: Harry Yoo <[email protected]> Reviewed-by: Suren Baghdasaryan <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Vlastimil Babka <[email protected]>

Diffstat (limited to 'lib/mpi/mpi-scan.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: