Message-ID: <8a48c522-afbc-f18f-5080-4c915f87e2bc@redhat.com>
Date:   Thu, 24 Nov 2022 21:08:25 -0500
From:   Waiman Long <longman@...hat.com>
To:     "Wenjie Li (Evan)" <wenjieli@....qualcomm.com>,
        David Wang 王标 <wangbiao3@...omi.com>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     "mingo@...hat.com" <mingo@...hat.com>,
        "juri.lelli@...hat.com" <juri.lelli@...hat.com>,
        "vincent.guittot@...aro.org" <vincent.guittot@...aro.org>,
        "brauner@...nel.org" <brauner@...nel.org>,
        "bsegall@...gle.com" <bsegall@...gle.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        陈冠有 <chenguanyou@...omi.com>,
        Will Deacon <will@...nel.org>,
        Ting11 Wang 王婷 <wangting11@...omi.com>
Subject: Re: 答复: [External Mail]Re: [PATCH 1/1] sched: fix user_mask double free


On 11/24/22 07:04, Wenjie Li (Evan) wrote:
> Hi, Waiman.
>
> "The clearing of user_cpus_ptr is protected by pi_lock. IOW, racing between dup_user_cpus_ptr() and do_set_cpus_allowed is not possible and double free like what you have suggested should not happen." We still can understand why it is impossible to happen. Because we indeed met this issue. Following is what we got from ftrace.
>
> 1. Task A pid 27961 runs on core6 and is forking/cloning task pid 28051, and task B pid 28051 will copy task struct data from task A pid 27961. So task A p->user_cpus_ptr = ffffff884fbf9200 is equal to task B p->user_cpus_ptr=ffffff884fbf9200 through arch_dup_task_struct.

You are right. I forgot the fact that the value of dst->user_cpus_ptr is 
a copy of src. I have posted a v3 patch to address that. Thanks for 
spotting that.

Cheers,
Longman
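
The aliasing acknowledged in the reply above, as a user-space model added to this archive page (not the v3 patch and not kernel code): a raw struct copy leaves both tasks holding the same user_cpus_ptr, so whichever path frees it second frees it twice. The `*_model` functions and the clear-first ordering in `dup_user_cpus_ptr_model()` are assumptions made for illustration.

```c
#include <stdlib.h>

/* User-space model of the fork path; *_model names are hypothetical. */
struct task {
    unsigned long *user_cpus_ptr;   /* heap-allocated affinity mask, or NULL */
};

/* Stands in for arch_dup_task_struct(): raw copy, so dst aliases src's mask. */
static void dup_task_struct_model(struct task *dst, const struct task *src)
{
    *dst = *src;
}

/* Frees the task's mask if it has one; returns the number of frees done. */
static int release_user_cpus_model(struct task *t)
{
    if (!t->user_cpus_ptr)
        return 0;
    free(t->user_cpus_ptr);
    t->user_cpus_ptr = NULL;
    return 1;
}

/* Assumed fix: drop the inherited alias first, then copy src's mask if any. */
static int dup_user_cpus_ptr_model(struct task *dst, const struct task *src)
{
    dst->user_cpus_ptr = NULL;      /* dst must never own src's allocation */
    if (!src->user_cpus_ptr)
        return 0;
    dst->user_cpus_ptr = malloc(sizeof(*dst->user_cpus_ptr));
    if (!dst->user_cpus_ptr)
        return -1;
    *dst->user_cpus_ptr = *src->user_cpus_ptr;
    return 0;
}

/* One fork; optionally the parent drops its mask between copy and dup.
 * Returns the total number of frees, or -1 on allocation failure. */
static int fork_scenario_model(int parent_drops_first)
{
    struct task parent = { malloc(sizeof(unsigned long)) }, child;
    int frees = 0;
    if (!parent.user_cpus_ptr)
        return -1;
    *parent.user_cpus_ptr = 0x40UL;          /* constructed mask: CPU 6 only */
    dup_task_struct_model(&child, &parent);  /* child now aliases the mask */
    if (parent_drops_first)
        frees += release_user_cpus_model(&parent);
    if (dup_user_cpus_ptr_model(&child, &parent) < 0)
        return -1;
    frees += release_user_cpus_model(&child);
    return frees + release_user_cpus_model(&parent);
}
```

With the clearing line removed, the `parent_drops_first` case would have the child free the pointer the parent already released, which AddressSanitizer (`-fsanitize=address`) reports as a double free.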

