| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250414-lappalie-abhilfe-eb7810af39bb@brauner>
Date: Mon, 14 Apr 2025 21:39:47 +0200
From: Christian Brauner <brauner@...nel.org>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Mateusz Guzik <mjguzik@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>, "Liam R. Howlett" <Liam.Howlett@...cle.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] release_task: kill the no longer needed
get/put_pid(thread_pid)
On Fri, Apr 11, 2025 at 02:18:57PM +0200, Oleg Nesterov wrote:
> After the commit 7903f907a2260 ("pid: perform free_pid() calls outside
> of tasklist_lock") __unhash_process() -> detach_pid() no longer calls
> free_pid(), proc_flush_pid() can just use p->thread_pid without the
> now pointless get_pid() + put_pid().
>
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
> ---
> kernel/exit.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/exit.c b/kernel/exit.c
> index 1b51dc099f1e..96d639383f86 100644
> --- a/kernel/exit.c
> +++ b/kernel/exit.c
> @@ -239,7 +239,6 @@ void release_task(struct task_struct *p)
> {
> struct release_task_post post;
> struct task_struct *leader;
> - struct pid *thread_pid;
> int zap_leader;
> repeat:
> memset(&post, 0, sizeof(post));
> @@ -253,8 +252,6 @@ void release_task(struct task_struct *p)
> pidfs_exit(p);
> cgroup_release(p);
>
> - thread_pid = get_pid(p->thread_pid);
> -
> write_lock_irq(&tasklist_lock);
> ptrace_release_task(p);
> __exit_signal(&post, p);
> @@ -282,8 +279,8 @@ void release_task(struct task_struct *p)
> }
>
> write_unlock_irq(&tasklist_lock);
> - proc_flush_pid(thread_pid);
> - put_pid(thread_pid);
> + /* p->thread_pid can't go away until free_pids() below */
> + proc_flush_pid(p->thread_pid);
This cannot work though, right?
Because after __unhash_process() p->thread_pid may be NULL:
__unhash_process()
-> detach_pid()
-> __change_pid()
{
struct pid **pid_ptr, *pid;
pid_ptr = task_pid_ptr(task, type);
*pid_ptr = NULL;
for (tmp = PIDTYPE_MAX; --tmp >= 0; )
if (pid_has_task(pid, tmp)) /* will be false if @group_dead is true
return;
WARN_ON(pids[type]);
pids[type] = pid;
}
so this needs:
diff --git a/kernel/exit.c b/kernel/exit.c
index e6132ebdaed4..9232c4c684e9 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -244,6 +244,7 @@ void release_task(struct task_struct *p)
{
struct release_task_post post;
struct task_struct *leader;
+ struct pid *thread_pid = task_pid(p);
int zap_leader;
repeat:
memset(&post, 0, sizeof(post));
@@ -285,7 +286,7 @@ void release_task(struct task_struct *p)
write_unlock_irq(&tasklist_lock);
/* p->thread_pid can't go away until free_pids() below */
- proc_flush_pid(p->thread_pid);
+ proc_flush_pid(thread_pid);
add_device_randomness(&p->se.sum_exec_runtime,
sizeof(p->se.sum_exec_runtime));
free_pids(post.pids);
I've folded this diff into your patch, Oleg. Let me know if you see any
additional issues with this.
Powered by blists - more mailing lists