lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Mar 2007 02:35:59 -0400 From: Srivatsa Vaddagiri <vatsa@...ibm.com> To: Paul Jackson <pj@....com> Cc: balbir@...ibm.com, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Fix race between attach_task and cpuset_exit Quoting Paul Jackson <pj@....com>: > vatsa wrote: >> Well, someone may have attached to this cpuset while we were waiting on the >> mutex_lock(). So we need to do a atomic_read again to ensure it is still >> unused. > > I don't see how this could happen. If we hold the task lock that now > (thanks to your good work) guards this pointer, and if we decrement to > zero the reference count on the cpuset to which it points and then > -overwrite- this last remaining visible pointer to that cpuset with a > pointer to a different cpuset, then aren't we guaranteed to be holding > the last remaining reference to the old cpuset in our local variable, > making it impossible for anyone else to attach to it in any way? Yes, but the cpuset is not made invisible to userspace (in filesystem) yet. So as cpuset_exit() discovers that cpuset B has zero refcount now and blocks on mutex_lock(&manage_mutex) [ to do a check_for_release later ], someone could have done a attach_task to that cpuset. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists