Message-ID: <20160114033019.GA11746@imp.flyn.org>
Date:	Wed, 13 Jan 2016 22:30:19 -0500
From:	"W. Michael Petullo" <mike@...n.org>
To:	linux-kernel@...r.kernel.org
Subject: Walking a wait_queue_t list of tasks blocked on pipe

I am trying to write code to walk a wait_queue_t list as part of an LSM
file_permission function. The purpose is to act on each task which has
blocked while trying to read from a pipe.

I modeled my code on __wake_up_common() in kernel/sched/core.c, and it
looks something like this:

	// i_pipe is a struct pipe_inode_info *

	if (i_pipe->readers <= 0) {
		return;
	}

	list_for_each_entry_safe(curr, next, &i_pipe->wait.task, task_list) {
		[...]
		struct task_struct *blocked = curr->private;
		[...]
	}

I am not updating the list itself. I am merely setting a value within
each task_struct's security object.

I have tried to wrap my code with this:

	pipe_lock(i_pipe)
	pipe_unlock[...]

this:

	write_lock_irq(&tasklist_lock)
	write_unlock_irq[...]

and also this:

	spin_lock_irqsave(&i_pipe->wait.lock, flags)
	spin_unlock_irqrestore[...]

Despite these locks, I sometimes find that blocked (AKA curr->private) ==
NULL during an iteration of the list_for_each_entry_safe loop, and this
surprises me. Some memory corruption errors also seem to indicate that
sometimes blocked contains an invalid pointer other than NULL. Why would
there be an entry in the wait_queue_t list which does not have a process
associated with it? Is the data structure moving out from under me? Is
there something else I should lock?

Thank you,

--
Mike

:wq
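
An added example, not code from the original post: a userspace C model of checking each wait-queue entry's func before treating private as a task. It assumes the 4.x wait_queue_t layout, in which pipe_wait() queues the sleeping task with DEFINE_WAIT (func is autoremove_wake_function, private is current), while poll/select and epoll queue entries on the same pipe wait queue with their own callbacks and a private that is not a task_struct (NULL for epoll). The names autoremove_wake, poll_wake, epoll_cb, poll_state and flag_blocked_tasks are hypothetical stand-ins.

```c
/* Userspace model of the 4.x wait_queue_t fields; not kernel code. */
#include <stddef.h>

struct task { int pid; int flagged; };   /* stand-in for task_struct */
struct wq_entry;
typedef int (*wq_func_t)(struct wq_entry *);

struct wq_entry {
    void *private;         /* a task only for entries queued by a sleeper */
    wq_func_t func;        /* wake callback chosen by whoever queued it */
    struct wq_entry *next; /* simplified: singly linked, no list_head */
};

/* Hypothetical stand-ins for autoremove_wake_function, pollwake and
 * ep_poll_callback; distinct bodies keep their addresses distinct. */
static int autoremove_wake(struct wq_entry *e) { (void)e; return 1; }
static int poll_wake(struct wq_entry *e)       { (void)e; return 2; }
static int epoll_cb(struct wq_entry *e)        { (void)e; return 3; }

struct poll_state { int nfds; };  /* model of what a poll entry points at */

/* Touch only entries that carry a task; return how many were flagged. */
static int flag_blocked_tasks(struct wq_entry *head)
{
    int n = 0;
    for (struct wq_entry *e = head; e != NULL; e = e->next) {
        if (e->func != autoremove_wake || e->private == NULL)
            continue;      /* poll/epoll waiter: private is not a task */
        ((struct task *)e->private)->flagged = 1;
        n++;
    }
    return n;
}

/* Constructed queue: one blocked reader, one poll and one epoll waiter. */
static int demo(void)
{
    struct task reader = { 1234, 0 };
    struct poll_state ps = { 3 };
    struct wq_entry ep = { NULL, epoll_cb, NULL };
    struct wq_entry po = { &ps, poll_wake, &ep };
    struct wq_entry rd = { &reader, autoremove_wake, &po };
    int n = flag_blocked_tasks(&rd);
    return (n == 1 && reader.flagged == 1 && ps.nfds == 3) ? 0 : 1;
}

int main(void) { return demo(); }
```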
