lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0904241249180.20196@blonde.anvils>
Date:	Fri, 24 Apr 2009 12:55:44 +0100 (BST)
From:	Hugh Dickins <hugh@...itas.com>
To:	Stephen Rothwell <sfr@...b.auug.org.au>
cc:	Sachin Sant <sachinp@...ibm.com>, linux-next@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>, linuxppc-dev@...abs.org,
	Ingo Molnar <mingo@...hat.com>, peterz@...radead.org,
	Al Viro <viro@...IV.linux.org.uk>,
	Oleg Nesterov <oleg@...hat.com>
Subject: Re: Next April 24 : BUG: lock held at task exit time!

On Fri, 24 Apr 2009, Stephen Rothwell wrote:
> On Fri, 24 Apr 2009 12:25:41 +0530 Sachin Sant <sachinp@...ibm.com> wrote:
> >
> > While booting today's next tree on a powerpc box [ power 6 blade]
> > observed the following :
> > 
> > khelper used greatest stack depth: 10176 bytes left
> > 
> > =====================================
> > [ BUG: lock held at task exit time! ]
> > -------------------------------------
> > khelper/21 is exiting with locks still held!
> > 2 locks held by khelper/21:
> >  #0:  (rcu_read_lock){.+.+.+}, at: [<c0000000001382fc>] 
> > .check_unsafe_exec+0x44/0x148
> >  #1:  (rcu_read_lock){.+.+.+}, at: [<c000000000138368>] 
> > .check_unsafe_exec+0xb0/0x148
> > 
> > stack backtrace:
> > Call Trace:
> > [c000000044483cf0] [c000000000011a54] .show_stack+0x6c/0x16c (unreliable)
> > [c000000044483da0] [c00000000009ae14] .debug_check_no_locks_held+0x98/0xb4
> > [c000000044483e20] [c000000000073b1c] .do_exit+0x758/0x7b0
> > [c000000044483f00] [c0000000000853d8] .____call_usermodehelper+0x170/0x174
> > [c000000044483f90] [c00000000002bd8c] .kernel_thread+0x54/0x70
> > net_namespace: 2000 bytes
> > 
> > Complete dmesg attached. Let me know if you need any other info. I will 
> > try yesterday's next
> > tree to check if this problem can be recreated.
> 
> Almost certainly commit 874a9e18f25c86dbc199ad32ddd9ca44d25290e8
> ("check_unsafe_exec: s/lock_task_sighand/rcu_read_lock/") which has a
> typo (two locks instead of lock/unlock) as pointed out by Hugh Dickins
> (<Pine.LNX.4.64.0904240526080.15735@...nde.anvils> on LKML).

Indeed, thanks for the headsup Stephen.  My own config gives, not
Sachin's message (or not still visibly on screen anyway), but an
outright panic.  Shame that leaked out into the big world, we'd
all have preferred a quiet fixup!  Here's a patch, which I'll
also send as reply to the relevant thread.

[PATCH] check_unsafe_exec: rcu_read_unlock

Fix typo in previous commit: second rcu_read_lock should be rcu_read_unlock.

Signed-off-by: Hugh Dickins <hugh@...itas.com>
---

 fs/exec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- 2.6.30-rc3-next-20090424/fs/exec.c	2009-04-24 12:23:43.000000000 +0100
+++ linux/fs/exec.c	2009-04-24 12:26:10.000000000 +0100
@@ -1043,7 +1043,7 @@ int check_unsafe_exec(struct linux_binpr
 		if (t->fs == p->fs)
 			n_fs++;
 	}
-	rcu_read_lock();
+	rcu_read_unlock();
 
 	if (p->fs->users > n_fs) {
 		bprm->unsafe |= LSM_UNSAFE_SHARE;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ