| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <481FF115.8030503@linux.vnet.ibm.com> Date: Tue, 06 May 2008 11:18:05 +0530 From: Balbir Singh <balbir@...ux.vnet.ibm.com> To: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> CC: Lee Schermerhorn <Lee.Schermerhorn@...com>, KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>, LKML <linux-kernel@...r.kernel.org>, linux-mm <linux-mm@...ck.org>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: on CONFIG_MM_OWNER=y, kernel panic is possible. KOSAKI Motohiro wrote: > on CONFIG_MM_OWNER=y (that is automatically turned on by mem-cgroup), > kernel panic is possible by following scenario in mm_update_next_owner(). > > 1. mm_update_next_owner() is called. > 2. found caller task in do_each_thread() loop. > 3. thus, BUG_ON(c == p) is true, it become kernel panic. > > end up, We should left out current task. > > That is not possible. If you look at where mm_update_next_owner() is called from, we call it from exit_mm() and exec_mmap() In both cases, we ensure that the task's mm has changed (to NULL and the new mm respectively), before we call mm_update_next_owner(), hence c->mm can never be equal to p->mm. -- Warm Regards, Balbir Singh Linux Technology Center IBM, ISTL -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists