iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Qian Cai d22cc7f67d locking/percpu-rwsem: Fix a task_struct refcount 
The following commit:

  7f26482a872c ("locking/percpu-rwsem: Remove the embedded rwsem")

introduced task_struct memory leaks due to messing up the task_struct
refcount.

At the beginning of percpu_rwsem_wake_function(), it calls get_task_struct(),
but if the trylock failed, it will remain in the waitqueue. However, it
will run percpu_rwsem_wake_function() again with get_task_struct() to
increase the refcount but then only call put_task_struct() once the trylock
succeeded.

Fix it by adjusting percpu_rwsem_wake_function() a bit to guard against
when percpu_rwsem_wait() observing !private, terminating the wait and
doing a quick exit() while percpu_rwsem_wake_function() then doing
wake_up_process(p) as a use-after-free.

Fixes: 7f26482a872c ("locking/percpu-rwsem: Remove the embedded rwsem")
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lkml.kernel.org/r/20200330213002.2374-1-cai@lca.pw
2020-04-08 12:05:06 +02:00
..
bpf
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2020-03-30 19:52:37 -07:00
cgroup
Merge branch 'for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2020-04-03 11:30:20 -07:00
configs
compiler: remove CONFIG_OPTIMIZE_INLINING entirely
2020-04-07 10:43:42 -07:00
debug
SPDX patches for 5.7-rc1.
2020-04-03 13:12:26 -07:00
dma
dma-mapping updates for 5.7
2020-04-04 10:12:47 -07:00
events
mm/vma: replace all remaining open encodings with is_vm_hugetlb_page()
2020-04-07 10:43:37 -07:00
gcov
kernel/gcov/fs.c: replace zero-length array with flexible-array member
2020-04-07 10:43:44 -07:00
irq
x86 entry code updates:
2020-03-30 19:14:28 -07:00
livepatch
New tracing features:
2019-11-27 11:42:01 -08:00
locking
locking/percpu-rwsem: Fix a task_struct refcount
2020-04-08 12:05:06 +02:00
power
Additional power management updates for 5.7-rc1
2020-04-06 10:14:39 -07:00
printk
console: Introduce ->exit() callback
2020-02-11 10:44:22 +01:00
rcu
Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-03-30 16:17:15 -07:00
sched
mm/vma: make vma_is_accessible() available for general use
2020-04-07 10:43:37 -07:00
time
hrtimer: Don't dereference the hrtimer pointer after the callback
2020-04-01 13:20:14 +02:00
trace
New tracing features:
2020-04-05 10:36:18 -07:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
acct.c
acct: stop using get_seconds()
2019-12-18 18:07:31 +01:00
async.c
audit_fsnotify.c
fsnotify: use helpers to access data by data_type
2020-03-23 18:19:06 +01:00
audit_tree.c
audit_watch.c
\n
2020-04-06 08:58:42 -07:00
audit.c
audit/stable-5.7 PR 20200330
2020-03-31 15:04:17 -07:00
audit.h
audit: trigger accompanying records when no rules present
2020-03-12 10:42:51 -04:00
auditfilter.c
audit: fix error handling in audit_data_to_entry()
2020-02-22 20:36:47 -05:00
auditsc.c
audit: trigger accompanying records when no rules present
2020-03-12 10:42:51 -04:00
backtracetest.c
bounds.c
capability.c
compat.c
y2038: remove unused time32 interfaces
2020-02-21 11:22:15 -08:00
configs.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
context_tracking.c
context-tracking: Introduce CONFIG_HAVE_TIF_NOHZ
2020-02-14 16:05:04 +01:00
cpu_pm.c
cpu.c
CPU (hotplug) updates:
2020-03-30 18:06:39 -07:00
crash_core.c
crash_dump.c
cred.c
kernel: doc: remove outdated comment cred.c
2020-03-25 10:04:01 -05:00
delayacct.c
dma.c
elfcore.c
kernel/elfcore.c: include proper prototypes
2019-09-25 17:51:39 -07:00
exec_domain.c
exit.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-04-02 11:22:17 -07:00
extable.c
kernel/extable.c: use address-of operator on section symbols
2020-04-07 10:43:42 -07:00
fail_function.c
fork.c
mm: set vm_next and vm_prev to NULL in vm_area_dup()
2020-04-07 10:43:37 -07:00
freezer.c
Revert "libata, freezer: avoid block device removal while system is frozen"
2019-10-06 09:11:37 -06:00
futex.c
Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-03-30 16:17:15 -07:00
gen_kheaders.sh
kheaders: explain why include/config/autoconf.h is excluded from md5sum
2019-11-11 20:10:01 +09:00
groups.c
hung_task.c
iomem.c
mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
2019-07-12 11:05:40 -07:00
irq_work.c
lockdep: Annotate irq_work
2020-03-21 16:00:24 +01:00
jump_label.c
jump_label: Don't warn on __exit jump entries
2019-08-29 15:10:10 +01:00
kallsyms.c
kallsyms: unexport kallsyms_lookup_name() and kallsyms_on_each_symbol()
2020-04-07 10:43:44 -07:00
kcmp.c
kernel/kcmp.c: Use new infrastructure to fix deadlocks in execve
2020-03-25 10:04:01 -05:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
sched/rt, locking: Use CONFIG_PREEMPTION
2019-12-08 14:37:36 +01:00
Kconfig.preempt
sched/Kconfig: Fix spelling mistake in user-visible help text
2019-11-12 11:35:32 +01:00
kcov.c
kcov: remote coverage support
2019-12-04 19:44:14 -08:00
kexec_core.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec_elf.c
kexec_elf: support 32 bit ELF files
2019-09-06 23:58:44 +02:00
kexec_file.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec_internal.h
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kheaders.c
kmod.c
kernel/kmod.c: fix a typo "assuems" -> "assumes"
2020-04-07 10:43:44 -07:00
kprobes.c
kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
2020-01-09 12:40:13 +01:00
ksysfs.c
kthread.c
kthread: Do not preempt current task if it is going to call schedule()
2020-03-20 13:06:20 +01:00
latencytop.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
Makefile
kcov: ignore fault-inject and stacktrace
2020-01-31 10:30:41 -08:00
module_signature.c
MODSIGN: Export module signature definitions
2019-08-05 18:39:56 -04:00
module_signing.c
MODSIGN: Export module signature definitions
2019-08-05 18:39:56 -04:00
module-internal.h
module.c
proc: faster open/read/close with "permanent" files
2020-04-07 10:43:42 -07:00
notifier.c
x86/mm: split vmalloc_sync_all()
2020-03-21 18:56:06 -07:00
nsproxy.c
ns: Introduce Time Namespace
2020-01-14 12:20:48 +01:00
padata.c
crypto: pcrypt - simplify error handling in pcrypt_create_aead()
2020-03-06 12:28:24 +11:00
panic.c
locking/refcount: Remove unused 'refcount_error_report()' function
2019-11-25 09:15:42 +01:00
params.c
lockdown: Lock down module params that specify hardware parameters (eg. ioport)
2019-08-19 21:54:16 -07:00
pid_namespace.c
pid: Improve the comment about waiting in zap_pid_ns_processes
2020-02-28 16:29:12 -06:00
pid.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-04-02 11:22:17 -07:00
profile.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
ptrace.c
ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
2020-01-18 13:51:39 +01:00
range.c
reboot.c
relay.c
resource.c
mm/memory_hotplug.c: use PFN_UP / PFN_DOWN in walk_system_ram_range()
2019-09-24 15:54:09 -07:00
rseq.c
rseq: Reject unknown flags on rseq unregister
2019-12-25 10:41:20 +01:00
seccomp.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-03-31 17:29:33 -07:00
signal.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-04-02 11:22:17 -07:00
smp.c
cpu/hotplug: Move bringup of secondary CPUs out of smp_init()
2020-03-25 12:59:37 +01:00
smpboot.c
smpboot.h
softirq.c
lockdep: Rename trace_{hard,soft}{irq_context,irqs_enabled}()
2020-03-21 16:03:54 +01:00
stackleak.c
stacktrace.c
stacktrace: Get rid of unneeded '!!' pattern
2019-11-11 10:30:59 +01:00
stop_machine.c
stop_machine: Make stop_cpus() static
2020-01-17 10:19:21 +01:00
sys_ni.c
y2038: allow disabling time32 system calls
2019-11-15 14:38:30 +01:00
sys.c
sys/sysinfo: Respect boottime inside time namespace
2020-03-03 19:34:32 +01:00
sysctl_binary.c
sysctl: Remove the sysctl system call
2019-11-26 13:03:56 -06:00
sysctl-test.c
kunit: allow kunit tests to be loaded as a module
2020-01-09 16:42:29 -07:00
sysctl.c
mm/compaction: Disable compact_unevictable_allowed on RT
2020-04-02 09:35:31 -07:00
task_work.c
task_work_run: don't take ->pi_lock unconditionally
2020-03-02 14:06:33 -07:00
taskstats.c
taskstats: fix data-race
2019-12-04 15:18:39 +01:00
test_kprobes.c
torture.c
CPU (hotplug) updates:
2020-03-30 18:06:39 -07:00
tracepoint.c
The main changes in this release include:
2019-07-18 11:51:00 -07:00
tsacct.c
tsacct: add 64-bit btime field
2019-12-18 18:07:31 +01:00
ucount.c
proc/sysctl: add shared variables for range check
2019-07-18 17:08:07 -07:00
uid16.c
uid16.h
umh.c
up.c
smp/up: Make smp_call_function_single() match SMP semantics
2020-02-07 15:34:12 +01:00
user_namespace.c
Keyrings namespacing
2019-07-08 19:36:47 -07:00
user-return-notifier.c
user.c
Keyrings namespacing
2019-07-08 19:36:47 -07:00
utsname_sysctl.c
utsname.c
watchdog_hld.c
watchdog.c
watchdog/softlockup: Enforce that timestamp is valid on boot
2020-01-17 11:19:22 +01:00
workqueue_internal.h
workqueue.c
Merge branch 'for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
2020-04-03 12:27:36 -07:00