| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Nov 2012 06:32:28 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: linux-kernel@...r.kernel.org
Cc: a.p.zijlstra@...llo.nl, paulus@...ba.org, mingo@...hat.com,
acme@...stprotocols.net
Subject: [PATCH] perf: call perf_event_comm under task_lock to fix suspicious rcu usage
Following RCU warning showed up while executing a shebang-script under
perf-record (could even be an empty script) on a 3.7-rc4 stable kernel:
[ 32.185108]
[ 32.185332] ===============================
[ 32.185602] [ INFO: suspicious RCU usage. ]
[ 32.185903] 3.7.0-rc4 #1 Not tainted
[ 32.186021] -------------------------------
[ 32.186021] include/linux/cgroup.h:566 suspicious rcu_dereference_check() usage!
[ 32.186021]
[ 32.186021] other info that might help us debug this:
[ 32.186021]
[ 32.186021]
[ 32.186021] rcu_scheduler_active = 1, debug_locks = 0
[ 32.186021] 1 lock held by empty.sh/556:
[ 32.186021] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff811d1d16>] prepare_bprm_creds+0x36/0x80
[ 32.186021]
[ 32.186021] stack backtrace:
[ 32.186021] Pid: 556, comm: empty.sh Not tainted 3.7.0-rc4 #1
[ 32.186021] Call Trace:
[ 32.186021] [<ffffffff810d336d>] lockdep_rcu_suspicious+0xfd/0x130
[ 32.186021] [<ffffffff81153de6>] perf_event_comm+0x436/0x610
[ 32.186021] [<ffffffff810d181d>] ? trace_hardirqs_off+0xd/0x10
[ 32.186021] [<ffffffff810ac37f>] ? local_clock+0x6f/0x80
[ 32.186021] [<ffffffff810d217f>] ? lock_release_holdtime.part.26+0xf/0x180
[ 32.186021] [<ffffffff811d1bd3>] set_task_comm+0x73/0x180
[ 32.186021] [<ffffffff811d24ba>] setup_new_exec+0x9a/0x210
[ 32.186021] [<ffffffff81225cf3>] load_elf_binary+0x3e3/0x1ab0
[ 32.186021] [<ffffffff810ac0f5>] ? sched_clock_local+0x25/0xa0
[ 32.186021] [<ffffffff810ac298>] ? sched_clock_cpu+0xa8/0x120
[ 32.186021] [<ffffffff810d181d>] ? trace_hardirqs_off+0xd/0x10
[ 32.186021] [<ffffffff810ac37f>] ? local_clock+0x6f/0x80
[ 32.186021] [<ffffffff81225910>] ? load_elf_library+0x240/0x240
[ 32.186021] [<ffffffff81225910>] ? load_elf_library+0x240/0x240
[ 32.186021] [<ffffffff811d14a4>] search_binary_handler+0x194/0x4f0
[ 32.186021] [<ffffffff811d136f>] ? search_binary_handler+0x5f/0x4f0
[ 32.186021] [<ffffffff81225220>] ? compat_sys_ioctl+0x1510/0x1510
[ 32.186021] [<ffffffff812254b4>] load_script+0x294/0x2c0
[ 32.186021] [<ffffffff810d217f>] ? lock_release_holdtime.part.26+0xf/0x180
[ 32.186021] [<ffffffff81225220>] ? compat_sys_ioctl+0x1510/0x1510
[ 32.186021] [<ffffffff811d14a4>] search_binary_handler+0x194/0x4f0
[ 32.186021] [<ffffffff811d136f>] ? search_binary_handler+0x5f/0x4f0
[ 32.186021] [<ffffffff811d22cb>] do_execve_common.isra.25+0x50b/0x5b0
[ 32.186021] [<ffffffff811d1eea>] ? do_execve_common.isra.25+0x12a/0x5b0
[ 32.186021] [<ffffffff811d238b>] do_execve+0x1b/0x20
[ 32.186021] [<ffffffff811d26c4>] sys_execve+0x54/0x80
[ 32.186021] [<ffffffff816d8f99>] stub_execve+0x69/0xc0
I think this dereference qualifies for the task_lock exception (as noted
in kernel/cgroup.c), thus this patch ensures calling perf_event_comm
before giving up the task_lock.
Changelog -v2 (since <20121103235758.GD18106@...er.stressinduktion.org>):
1) rebased to 3.7-rc4
2) slightly improved/updated commit msg and added more people to Cc
Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: Paul Mackerras <paulus@...ba.org>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: Arnaldo Carvalho de Melo <acme@...stprotocols.net>
Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
---
fs/exec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/exec.c b/fs/exec.c
index 0039055..a961b9d 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1038,8 +1038,8 @@ void set_task_comm(struct task_struct *tsk, char *buf)
memset(tsk->comm, 0, TASK_COMM_LEN);
wmb();
strlcpy(tsk->comm, buf, sizeof(tsk->comm));
- task_unlock(tsk);
perf_event_comm(tsk);
+ task_unlock(tsk);
}
static void filename_to_taskname(char *tcomm, const char *fn, unsigned int len)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists