Date: Sat, 10 Nov 2012 06:32:28 +0100 
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: linux-kernel@...r.kernel.org
Cc: a.p.zijlstra@...llo.nl, paulus@...ba.org, mingo@...hat.com, acme@...stprotocols.net
Subject: [PATCH] perf: call perf_event_comm under task_lock to fix suspicious rcu usage

Following RCU warning showed up while executing a shebang-script under
perf-record (could even be an empty script) on a 3.7-rc4 stable kernel:

[ 32.185108]
[ 32.185332] ===============================
[ 32.185602] [ INFO: suspicious RCU usage. ]
[ 32.185903] 3.7.0-rc4 #1 Not tainted
[ 32.186021] -------------------------------
[ 32.186021] include/linux/cgroup.h:566 suspicious rcu_dereference_check() usage!
[ 32.186021]
[ 32.186021] other info that might help us debug this:
[ 32.186021]
[ 32.186021]
[ 32.186021] rcu_scheduler_active = 1, debug_locks = 0
[ 32.186021] 1 lock held by empty.sh/556:
[ 32.186021] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff811d1d16>] prepare_bprm_creds+0x36/0x80
[ 32.186021]
[ 32.186021] stack backtrace:
[ 32.186021] Pid: 556, comm: empty.sh Not tainted 3.7.0-rc4 #1
[ 32.186021] Call Trace:
[ 32.186021] [<ffffffff810d336d>] lockdep_rcu_suspicious+0xfd/0x130
[ 32.186021] [<ffffffff81153de6>] perf_event_comm+0x436/0x610
[ 32.186021] [<ffffffff810d181d>] ? trace_hardirqs_off+0xd/0x10
[ 32.186021] [<ffffffff810ac37f>] ? local_clock+0x6f/0x80
[ 32.186021] [<ffffffff810d217f>] ? lock_release_holdtime.part.26+0xf/0x180
[ 32.186021] [<ffffffff811d1bd3>] set_task_comm+0x73/0x180
[ 32.186021] [<ffffffff811d24ba>] setup_new_exec+0x9a/0x210
[ 32.186021] [<ffffffff81225cf3>] load_elf_binary+0x3e3/0x1ab0
[ 32.186021] [<ffffffff810ac0f5>] ? sched_clock_local+0x25/0xa0
[ 32.186021] [<ffffffff810ac298>] ? sched_clock_cpu+0xa8/0x120
[ 32.186021] [<ffffffff810d181d>] ? trace_hardirqs_off+0xd/0x10
[ 32.186021] [<ffffffff810ac37f>] ? local_clock+0x6f/0x80
[ 32.186021] [<ffffffff81225910>] ? load_elf_library+0x240/0x240
[ 32.186021] [<ffffffff81225910>] ? load_elf_library+0x240/0x240
[ 32.186021] [<ffffffff811d14a4>] search_binary_handler+0x194/0x4f0
[ 32.186021] [<ffffffff811d136f>] ? search_binary_handler+0x5f/0x4f0
[ 32.186021] [<ffffffff81225220>] ? compat_sys_ioctl+0x1510/0x1510
[ 32.186021] [<ffffffff812254b4>] load_script+0x294/0x2c0
[ 32.186021] [<ffffffff810d217f>] ? lock_release_holdtime.part.26+0xf/0x180
[ 32.186021] [<ffffffff81225220>] ? compat_sys_ioctl+0x1510/0x1510
[ 32.186021] [<ffffffff811d14a4>] search_binary_handler+0x194/0x4f0
[ 32.186021] [<ffffffff811d136f>] ? search_binary_handler+0x5f/0x4f0
[ 32.186021] [<ffffffff811d22cb>] do_execve_common.isra.25+0x50b/0x5b0
[ 32.186021] [<ffffffff811d1eea>] ? do_execve_common.isra.25+0x12a/0x5b0
[ 32.186021] [<ffffffff811d238b>] do_execve+0x1b/0x20
[ 32.186021] [<ffffffff811d26c4>] sys_execve+0x54/0x80
[ 32.186021] [<ffffffff816d8f99>] stub_execve+0x69/0xc0

I think this dereference qualifies for the task_lock exception (as noted in
kernel/cgroup.c), thus this patch ensures calling perf_event_comm before
giving up the task_lock.

Changelog -v2 (since <20121103235758.GD18106@...er.stressinduktion.org>):
1) rebased to 3.7-rc4
2) slightly improved/updated commit msg and added more people to Cc

Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: Paul Mackerras <paulus@...ba.org>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: Arnaldo Carvalho de Melo <acme@...stprotocols.net>
Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
---
 fs/exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/exec.c b/fs/exec.c index 0039055..a961b9d 100644 --- a/fs/exec.c +++ b/fs/exec.c 
@@ -1038,8 +1038,8 @@ void set_task_comm(struct task_struct *tsk, char *buf) memset(tsk->comm, 0, TASK_COMM_LEN); wmb(); strlcpy(tsk->comm, buf, sizeof(tsk->comm)); - task_unlock(tsk); perf_event_comm(tsk); + task_unlock(tsk); } static void filename_to_taskname(char *tcomm, const char *fn, unsigned int len)
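
Review bot: In set_task_comm(), moving perf_event_comm(tsk) ahead of task_unlock(tsk) means the whole perf comm-event path now runs with the task lock held, and the commit message does not say whether that path was checked for calls that may sleep or that take task_lock on the same task again. Please state in the commit message that this was audited, and add a short comment above the call saying it has to stay inside the locked region because of the rcu_dereference_check() reported at include/linux/cgroup.h:566, so that a later cleanup does not move it back below task_unlock(tsk). The message's reference to the task_lock exception "as noted in kernel/cgroup.c" would also be easier to verify if it named the comment or function it relies on.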