| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8a48c522-afbc-f18f-5080-4c915f87e2bc@redhat.com>
Date: Thu, 24 Nov 2022 21:08:25 -0500
From: Waiman Long <longman@...hat.com>
To: "Wenjie Li (Evan)" <wenjieli@....qualcomm.com>,
David Wang 王标 <wangbiao3@...omi.com>,
Peter Zijlstra <peterz@...radead.org>
Cc: "mingo@...hat.com" <mingo@...hat.com>,
"juri.lelli@...hat.com" <juri.lelli@...hat.com>,
"vincent.guittot@...aro.org" <vincent.guittot@...aro.org>,
"brauner@...nel.org" <brauner@...nel.org>,
"bsegall@...gle.com" <bsegall@...gle.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
陈冠有 <chenguanyou@...omi.com>,
Will Deacon <will@...nel.org>,
Ting11 Wang 王婷 <wangting11@...omi.com>
Subject: Re: 答复: [External Mail]Re: [PATCH 1/1] sched: fix user_mask double free
On 11/24/22 07:04, Wenjie Li (Evan) wrote:
> Hi, Waiman.
>
> "The clearing of user_cpus_ptr is protected by pi_lock. IOW, racing between dup_user_cpus_ptr() and do_set_cpus_allowed is not possible and double free like what you have suggested should not happen." We still can understand why it is impossible to happen. Because we indeed met this issue. Following is we got from ftrace.
>
> 1. Task A pid 27961 run on core6 and is forking/cloning task pid 28051, and task B pid 28051 will copy task struct data from task A pid 27961. So task A p->user_cpus_ptr = ffffff884fbf9200 is equal to task B p->user_cpus_ptr=ffffff884fbf9200 through arch_dup_task_struct.
You are right. I forgot the fact that the value of dst->user_cpus_ptr is
a copy of src. I have posted a v3 patch to address that. Thanks for the
spotting that.
Cheers,
Longman
Powered by blists - more mailing lists