| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Aug 2008 18:43:49 -0700 From: sukadev@...ibm.com To: Oleg Nesterov <oleg@...sign.ru> Cc: Andrew Morton <akpm@...ux-foundation.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Pavel Emelyanov <xemul@...nvz.org>, Robert Rex <robert.rex@...sol.com>, Roland McGrath <roland@...hat.com>, Serge Hallyn <serue@...ibm.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/4] pid_ns: zap_pid_ns_processes: fix the ->child_reaper changing Oleg Nesterov [oleg@...sign.ru] wrote: | zap_pid_ns_processes() sets pid_ns->child_reaper = NULL, this is wrong. | | Yes, we have already killed all tasks in this namespace, and sys_wait4() | doesn't see any child. But this doesn't mean ->children list is empty, | we may have EXIT_DEAD tasks which are not visible to do_wait(). In that | case the subsequent forget_original_parent() will crash the kernel because | it will try to re-parent these tasks to the NULL reaper. | | Even if there are no childs, it is not good that forget_original_parent() | uses reaper == NULL. | | Change the code to set ->child_reaper = init_pid_ns.child_reaper instead. | We could use pid_ns->parent->child_reaper as well, I think this does not | really matter. These EXIT_DEAD tasks are not visible to the new ->parent | after re-parenting, they will silently do release_task() eventually. | | Note that we must change ->child_reaper, otherwise forget_original_parent() | will use reaper == father, and in that case we will hit the (correct) | BUG_ON(!list_empty(&father->children)). | | Signed-off-by: Oleg Nesterov <oleg@...sign.ru> Acked-by: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> | | --- 2.6.27-rc4/kernel/pid_namespace.c~1_ZAP_DONT_CLEAR_REAPER 2008-07-30 13:12:49.000000000 +0400 | +++ 2.6.27-rc4/kernel/pid_namespace.c 2008-08-24 17:22:59.000000000 +0400 | @@ -179,9 +179,12 @@ void zap_pid_ns_processes(struct pid_nam | rc = sys_wait4(-1, NULL, __WALL, NULL); | } while (rc != -ECHILD); | | - | - /* Child reaper for the pid namespace is going away */ | - pid_ns->child_reaper = NULL; | + /* | + * We can not clear ->child_reaper or leave it alone. | + * There may by stealth EXIT_DEAD tasks on ->children, | + * forget_original_parent() must move them somewhere. | + */ | + pid_ns->child_reaper = init_pid_ns.child_reaper; | acct_exit_ns(pid_ns); | return; | } | | -- | To unsubscribe from this list: send the line "unsubscribe linux-kernel" in | the body of a message to majordomo@...r.kernel.org | More majordomo info at http://vger.kernel.org/majordomo-info.html | Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists