| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Mar 2016 13:09:03 +0100 From: Peter Zijlstra <peterz@...radead.org> To: Kazuki Yamaguchi <k@....jp> Cc: Tejun Heo <tj@...nel.org>, Niklas Cassel <niklas.cassel@...s.com>, linux-kernel@...r.kernel.org Subject: Re: [BUG] sched: leaf_cfs_rq_list use after free On Mon, Mar 14, 2016 at 12:20:57PM +0100, Peter Zijlstra wrote: > So I would suggest TJ to revert that patch and queue it for stable. > > It it clearly borken, because cgroup_exit() is called from preemptible > context, so _obviously_ we can (and clearly will) schedule after that, > which is somewhat hard if the cgroup we're supposedly belonging to has > been torn to shreds in the meantime. And I think it might be fundamentally broken, because it leaves ->css set to whatever cgroup we had, while simultaneously allowing that css to go away. This means that anything trying to use this pointer; and there's quite a lot of that; is in for a nasty surprise. So you really need to change the ->css, either when the task starts dying (like it used to), or otherwise right before the cgroup goes offline. The argument used was that people want to see resources consumed by Zombies, which is all fine and dandy, but when you destroy the cgroup you cannot see that anyway. So something needs to fundamentally ensure that ->css changes before we go offline the thing.
Powered by blists - more mailing lists