Date: Mon, 26 Oct 2015 17:26:42 -0700
From: Christoph Hellwig
To: Oleg Nesterov
Cc: Andrew Morton, Markus Pargmann, Tejun Heo, nbd-general@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] kthread: introduce kthread_get_run() to fix __nbd_ioctl()
Message-ID: <20151027002642.GA32444@infradead.org>
In-Reply-To: <20151025142713.GA30965@redhat.com>

On Sun, Oct 25, 2015 at 03:27:13PM +0100, Oleg Nesterov wrote:
> It is not safe to use the task_struct returned by kthread_run(threadfn)
> if threadfn() can exit before the "owner" does kthread_stop(), nothing
> protects this task_struct.
>
> So __nbd_ioctl() looks buggy; a killed nbd_thread_send() can exit, free
> its task_struct, and then kthread_stop() can use the freed/reused memory.
>
> Add the new trivial helper, kthread_get_run(). Hopefully it will have more
> users, this patch changes __nbd_ioctl() as an example.

This looks horrible. I think the real problem is that nbd is totally
abusing signals for kthreads and that needs to go away.
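
The lifetime rule described in the quoted text, as an added userspace model (not code from the patch or the kernel; every name in it is hypothetical). It assumes the thread holds the only reference to its own descriptor and that a helper of the kthread_get_run() kind takes its reference before the thread first runs; the model shows that a reference taken only after the thread has had a chance to exit comes too late.

```c
/* Added model, not kernel code; all names are hypothetical. */
#include <stdbool.h>
struct model_task {
    int  usage;      /* stands in for the task_struct reference count */
    bool freed;      /* set instead of free(), so stale use is observable */
    int  exit_code;
};

static void model_put(struct model_task *t)
{
    if (--t->usage == 0)
        t->freed = true;   /* real code would release the memory here */
}

/* Owner takes a reference; fails if the object is already gone. */
static bool model_get(struct model_task *t)
{
    if (t->freed)
        return false;
    t->usage++;
    return true;
}

/* threadfn returns on its own (e.g. it was killed) and drops its reference. */
static void model_thread_exits(struct model_task *t, int code)
{
    t->exit_code = code;
    model_put(t);
}

/* Owner-side stop: exit code, or -1 where real code would touch freed memory. */
static int model_stop(const struct model_task *t)
{
    return t->freed ? -1 : t->exit_code;
}

/* early_get: reference taken before the thread can run; late_get: only after. */
static int scenario(bool early_get, bool late_get)
{
    struct model_task t = { .usage = 1 };  /* the thread's own reference */
    bool held = false;
    if (early_get) held = model_get(&t);
    model_thread_exits(&t, 7);             /* thread exits before stop */
    if (late_get && !held) held = model_get(&t);
    int rc = model_stop(&t);
    if (held) model_put(&t);               /* owner drops its reference last */
    return rc;
}

int main(void) { return scenario(true, false) == 7 ? 0 : 1; }
```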