[PATCH] sched, autogroup: fix kernel crashes caused by runtime disable autogroup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Xiaotian Feng <xtfeng@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: Xiaotian Feng <xtfeng@gmail.com>,
	Xiaotian Feng <dannyfeng@tencent.com>,
	Ingo Molnar <mingo@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>
Subject: [PATCH] sched, autogroup: fix kernel crashes caused by runtime disable autogroup
Date: Fri, 19 Oct 2012 16:36:10 +0800	[thread overview]
Message-ID: <1350635770-9189-1-git-send-email-xtfeng@gmail.com> (raw)

There's a regression from commit 800d4d30, in autogroup_move_group()

	p->signal->autogroup = autogroup_kref_get(ag);

	if (!ACCESS_ONCE(sysctl_sched_autogroup_enabled))
		goto out;
	...
    out:
	autogroup_kref_put(prev);

So kernel changed p's autogroup to ag, but never sched_move_task(p).
Then previous autogroup of p is released, which may release task_group
related with p. After commit 8323f26ce, p->sched_task_group might point
to this stale value, and thus caused kernel crashes.

This is very easy to reproduce, add "kernel.sched_autogroup_enabled = 0"
to your /etc/sysctl.conf, your system will never boot up. It is not reasonable
to put the sysctl enabled check in autogroup_move_group(), kernel should check
it before autogroup_create in sched_autogroup_create_attach().

Reported-by: cwillu <cwillu@cwillu.com>
Reported-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
---
 kernel/sched/auto_group.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
index 0984a21..ac62415 100644
--- a/kernel/sched/auto_group.c
+++ b/kernel/sched/auto_group.c
@@ -143,15 +143,11 @@ autogroup_move_group(struct task_struct *p, struct autogroup *ag)
 
 	p->signal->autogroup = autogroup_kref_get(ag);
 
-	if (!ACCESS_ONCE(sysctl_sched_autogroup_enabled))
-		goto out;
-
 	t = p;
 	do {
 		sched_move_task(t);
 	} while_each_thread(p, t);
 
-out:
 	unlock_task_sighand(p, &flags);
 	autogroup_kref_put(prev);
 }
@@ -159,8 +155,12 @@ out:
 /* Allocates GFP_KERNEL, cannot be called under any spinlock */
 void sched_autogroup_create_attach(struct task_struct *p)
 {
-	struct autogroup *ag = autogroup_create();
+	struct autogroup *ag;
+
+	if (!ACCESS_ONCE(sysctl_sched_autogroup_enabled))
+		return;
 
+	ag = autogroup_create();
 	autogroup_move_group(p, ag);
 	/* drop extra reference added by autogroup_create() */
 	autogroup_kref_put(ag);
-- 
1.7.9.5

next             reply	other threads:[~2012-10-19  8:35 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-10-19  8:36 Xiaotian Feng [this message]
2012-10-19 13:42 ` [PATCH] sched, autogroup: fix kernel crashes caused by runtime disable autogroup Peter Zijlstra
2012-10-20  6:42   ` Xiaotian Feng
2012-10-20 12:38     ` Mike Galbraith
2012-10-26 20:29       ` Mike Galbraith
2012-10-27 18:26         ` [PATCH] sched, autogroup: fix crash on reboot when autogroup is disabled Mike Galbraith
2012-10-28 10:25           ` Ingo Molnar
2012-10-28 13:13             ` Mike Galbraith
2012-10-28 13:19               ` Ingo Molnar
2012-10-28 13:33                 ` Mike Galbraith
2012-10-28 14:05                   ` Ingo Molnar
2012-10-28 14:27                     ` Mike Galbraith
2012-10-28 19:19                     ` [PATCH] V2 " Mike Galbraith
2012-10-29  2:42                       ` Xiaotian Feng
2012-10-29 12:10                         ` Mike Galbraith
2012-10-30 12:28                       ` [tip:sched/urgent] sched/autogroup: Fix " tip-bot for Mike Galbraith

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0984a21 dfblob:ac62415 )
 OR (
bs:"[PATCH] sched, autogroup: fix kernel crashes caused by runtime disable autogroup" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1350635770-9189-1-git-send-email-xtfeng@gmail.com \
    --to=xtfeng@gmail.com \
    --cc=dannyfeng@tencent.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.