lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4F81D45D.80509@gmail.com>
Date:	Sun, 08 Apr 2012 20:09:33 +0200
From:	Juri Lelli <juri.lelli@...il.com>
To:	Oleg Nesterov <oleg@...hat.com>
CC:	peterz@...radead.org, tglx@...utronix.de, mingo@...hat.com,
	rostedt@...dmis.org, cfriesen@...tel.com, fweisbec@...il.com,
	darren@...art.com, johan.eker@...csson.com, p.faure@...tech.ch,
	linux-kernel@...r.kernel.org, claudio@...dence.eu.com,
	michael@...rulasolutions.com, fchecconi@...il.com,
	tommaso.cucinotta@...up.it, nicola.manica@...i.unitn.it,
	luca.abeni@...tn.it, dhaval.giani@...il.com, hgu1972@...il.com,
	paulmck@...ux.vnet.ibm.com, raistlin@...ux.it,
	insop.song@...csson.com, liming.wang@...driver.com
Subject: Re: [PATCH 01/16] sched: add sched_class->task_dead.

On 04/08/2012 07:49 PM, Oleg Nesterov wrote:
> On 04/06, Juri Lelli wrote:
>>
>> --- a/kernel/sched.c
>> +++ b/kernel/sched.c
>> @@ -3219,6 +3219,9 @@ static void finish_task_switch(struct rq *rq, struct task_struct *prev)
>>   	if (mm)
>>   		mmdrop_delayed(mm);
>>   	if (unlikely(prev_state == TASK_DEAD)) {
>> +		if (prev->sched_class->task_dead)
>> +			prev->sched_class->task_dead(prev);
>> +
>
> And 5/16 adds
>
> 	+static void task_dead_dl(struct task_struct *p)
> 	+{
> 	+       struct hrtimer *timer =&p->dl.dl_timer;
> 	+
> 	+	if (hrtimer_active(timer))
> 	+               hrtimer_try_to_cancel(timer);
> 	+}
>
> This looks suspicious. finish_task_switch() does put_task_struct()
> after that, it is quite possible this actually frees the memory.
>
> What if hrtimer_try_to_cancel() fails because the timer is running?
> In this case __run_hrtimer() can play with the freed timer. Say, to
> clear HRTIMER_STATE_CALLBACK. Not to mention dl_task_timer() itself.
>
> Oleg.
>

Right, hrtimer_cancel(timer) looks way better.

Thanks!

- Juri
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ