From: Oleg Nesterov
Subject: Re: Report Double Fetch Bug Found in Linux-4.6.1/kernel/auditsc.c
Date: Mon, 20 Jun 2016 21:18:14 +0200
Message-ID: <20160620191814.GA2942@redhat.com>
References: <20160620182215.GC25615@madcap2.tricolour.ca>
In-Reply-To: <20160620182215.GC25615@madcap2.tricolour.ca>
To: Richard Guy Briggs
Cc: security@kernel.org, Pengfei Wang, "Krinke, Jens", linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Not that I understand this report, but

On 06/20, Richard Guy Briggs wrote:
>
> This function is only ever called by __audit_free(), which is only ever
> called on failure of task creation or on exit of the task, so in neither
> case can anything else change it.

How so? Another thread or CLONE_VM task or /proc/pid/mem can change the
user-space memory in parallel.

Oleg.
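The parallel modification Oleg points at, as an added example that is not part of this thread or of the kernel's auditsc.c code: a user-space C model in which a simulated writer (standing in for another thread, a CLONE_VM task or a /proc/pid/mem write) rewrites a message header after every fetch. The names copy_from_user_sim, user_msg, KBUF_SIZE and the demo functions are constructed; the double-fetch handler validates one value of len and uses another, while the single-fetch handler checks and uses the same kernel-side copy.

```c
#include <stdint.h>
#include <string.h>

#define KBUF_SIZE 16

/* Constructed model of a user-supplied message: a length header, then payload. */
struct user_msg { uint32_t len; char data[64]; };

/* Models the concurrent writer (another thread, CLONE_VM task, /proc/pid/mem):
 * it rewrites the user page after every fetch, so the window between check
 * and use is always hit.  NULL means the memory image stays quiet. */
static void (*racer)(struct user_msg *) = NULL;

static void copy_from_user_sim(void *dst, struct user_msg *src, size_t n) {
    memcpy(dst, src, n);
    if (racer) racer(src);   /* the user page changes after this fetch returns */
}

/* Double-fetch pattern: len is fetched once to validate and again to use. */
static int double_fetch_len(struct user_msg *umsg) {
    uint32_t len;
    copy_from_user_sim(&len, umsg, sizeof len);      /* fetch 1: the check */
    if (len > KBUF_SIZE) return -1;
    struct user_msg tmp;
    copy_from_user_sim(&tmp, umsg, sizeof tmp);      /* fetch 2: the use */
    return (int)tmp.len;   /* the length a copy into a KBUF_SIZE buffer would use */
}

/* Single-fetch pattern: copy once into kernel memory, then check and use that copy. */
static int single_fetch_len(struct user_msg *umsg) {
    struct user_msg tmp;
    copy_from_user_sim(&tmp, umsg, sizeof tmp);      /* the only fetch */
    if (tmp.len > KBUF_SIZE) return -1;
    return (int)tmp.len;
}

/* Racer used by the demo: flips the header to a length that fails the check. */
static void grow_len(struct user_msg *m) { m->len = 1000; }

/* Both demos start from a header that passes the check (len = 8). */
int demo_double_fetch(void) {
    struct user_msg m = { .len = 8 };
    racer = grow_len;
    return double_fetch_len(&m);   /* 1000: the check saw 8, the use sees 1000 */
}
int demo_single_fetch(void) {
    struct user_msg m = { .len = 8 };
    racer = grow_len;
    return single_fetch_len(&m);   /* 8: later rewrites never reach the kernel copy */
}
```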