Date:	Tue, 17 Jan 2012 16:12:42 +0100
From:	Oleg Nesterov <oleg@...hat.com>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Yasunori Goto <y-goto@...fujitsu.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Peter Zijlstra <peterz@...radead.org>,
	Hiroyuki KAMEZAWA <kamezawa.hiroyu@...fujitsu.com>,
	Motohiro Kosaki <kosaki.motohiro@...fujitsu.com>,
	Linux Kernel ML <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] TASK_DEAD task is able to be woken up in special
	condition

On 01/17, Ingo Molnar wrote:
>
> * Yasunori Goto <y-goto@...fujitsu.com> wrote:
>
> > --- linux-3.2.orig/kernel/exit.c
> > +++ linux-3.2/kernel/exit.c
> > @@ -1038,6 +1038,22 @@ NORET_TYPE void do_exit(long code)
> >
> >  	preempt_disable();
> >  	exit_rcu();
> > +
> > +	/*
> > +	 * The setting of TASK_RUNNING by try_to_wake_up() may be delayed
> > +	 * when the following two conditions become true.
> > +	 *   - There is race condition of mmap_sem (It is acquired by
> > +	 *     exit_mm()), and
> > +	 *   - SMI occurs before setting TASK_RUNINNG.
> > +	 *     (or hypervisor of virtual machine switches to other guest)
> > +	 *  As a result, we may become TASK_RUNNING after becoming TASK_DEAD
> > +	 *
> > +	 * To avoid it, we have to wait for releasing tsk->pi_lock which
> > +	 * is held by try_to_wake_up()
> > +	 */
> > +	smp_mb();
> > +	raw_spin_unlock_wait(&tsk->pi_lock);
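
Review bot: the smp_mb() placed before raw_spin_unlock_wait(&tsk->pi_lock) is not explained by the new comment, which only covers waiting for pi_lock to be released. Please add a line saying which accesses the barrier orders and what it pairs with on the try_to_wake_up() side, so a later reader can tell whether it is required. In the same comment, "TASK_RUNINNG" should read "TASK_RUNNING", and "race condition of mmap_sem" would be clearer if it named the contention it means (the comment says only that exit_mm() acquires it).
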
>
> Hm, unlock_wait() is really nasty. Wouldn't the adoption of the
> -rt kernel's delayed task put logic solve most of these races?

How? The problem is that the exiting task can do the last schedule()
in TASK_RUNNING state; this breaks the TASK_DEAD logic in
finish_task_switch().

Oleg.
