Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752987Ab2KEDby (ORCPT ); Sun, 4 Nov 2012 22:31:54 -0500 Received: from mail-vb0-f46.google.com ([209.85.212.46]:49626 "EHLO mail-vb0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752551Ab2KEDbx convert rfc822-to-8bit (ORCPT ); Sun, 4 Nov 2012 22:31:53 -0500 MIME-Version: 1.0 In-Reply-To: References: <508086DA.3010600@oracle.com> <5089A05E.7040000@gmail.com> Date: Sun, 4 Nov 2012 19:31:52 -0800 Message-ID: Subject: Re: mm: NULL ptr deref in anon_vma_interval_tree_verify From: Michel Lespinasse To: Bob Liu Cc: Sasha Levin , Sasha Levin , hughd@google.com, Andrew Morton , linux-mm , "linux-kernel@vger.kernel.org" , Dave Jones Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-System-Of-Record: true Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 708 Lines: 18 On Sun, Nov 4, 2012 at 6:20 PM, Bob Liu wrote: > The loop for each entry of vma->anon_vma_chain in validate_mm() is not > protected by anon_vma lock. > I think that may be the cause. > > Michel, What's your opinion? Good catch, I think that's it. Somehow it had not occured to me to verify the checker code - as in, who's checking the checker ? :) -- Michel "Walken" Lespinasse A program is never fully debugged until the last user dies. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/