From: ebiederm@xmission.com (Eric W. Biederman)
To: Fengguang Wu <fengguang.wu@intel.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [userns-always-map-user-v136] BUG: unable to handle kernel NULL pointer dereference at (null)
Date: Sat, 19 Oct 2013 21:04:57 -0700 [thread overview]
Message-ID: <87li1oa8pi.fsf@xmission.com> (raw)
In-Reply-To: <20131020025026.GB6737@localhost> (Fengguang Wu's message of "Sun, 20 Oct 2013 10:50:26 +0800")
Fengguang Wu <fengguang.wu@intel.com> writes:
> Hi Eric,
>
> It's beyond me why this trivial patch will lead to kernel panic. But
> the NULL pointer dereference bug is 100% reproducible since this
> commit.
My mistake, apparently I failed to boot test that patch.
The problem crash is because kthreadd_task == NULL.
kthreadd_task is NULL because this little sequence sets kthreadd_task to NULL
    pid = kernel_thread(kthreadd, NULL, CLONE_FS | CLONE_FILES);
    rcu_read_lock();
    kthreadd_task = find_task_by_pid_ns(pid, &init_pid_ns);
    rcu_read_unlock();
The lookup for kthreadd_task fails because when spawning kthreadd_task
with kernel_thread the is_idle_task(p) test in fork is reporting true,
so the pid is never placed into the pid hash table.
is_idle_task(p) is true because it is testing task_pid(p) two lines
before task_pid(p) is set. So task_pid(p) is still its parent's value,
and the parent of the kthreadd_task is the initial idle task.
So I should have just tested (pid != &init_struct_pid) sigh. Silly me.
Fixed and pushed out. Thank you for reporting this to me.
Eric
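The ordering bug Eric describes (a check that reads task_pid(p) before the new pid has been attached, so the child still carries its parent's pid) can be shown with a small model. The following is an added example written for this page; it is a toy in plain C, not the kernel's copy_process() code, and every name not in the message (model_fork, pid_hash, spawn_task, spawn_kthreadd, the pid numbers) is invented for the illustration. It runs both orderings: the broken check on the child's inherited pid pointer, and the fix the message names, testing the freshly allocated pid against &init_struct_pid.

```c
/* Toy model (not kernel code) of the pid-hash ordering bug in the message.
 * A forked child is a copy of its parent, pid pointer included, until the
 * fork path attaches the newly allocated struct pid. If the "is this the
 * idle task?" check reads the child's pid pointer before that attach step,
 * every child of the idle task looks like the idle task itself, is never
 * hashed, and a later find_task_by_pid() returns NULL. */
#include <stdio.h>
#include <string.h>

#define MAX_PIDS 16

struct pid  { int nr; };
struct task { struct pid *pid; const char *comm; };

/* Stand-ins for init_struct_pid and the boot idle task (pid 0). */
static struct pid  init_struct_pid = { .nr = 0 };
static struct task idle_task = { .pid = &init_struct_pid, .comm = "swapper" };

/* Toy pid hash: indexed directly by pid number. */
static struct task *pid_hash[MAX_PIDS];

static void reset_model(void) { memset(pid_hash, 0, sizeof pid_hash); }

/* Same test the message describes: "is this task's pid the idle pid?" */
static int is_idle_task(const struct task *p) { return p->pid == &init_struct_pid; }

static struct task *find_task_by_pid(int nr)
{
    return (nr > 0 && nr < MAX_PIDS) ? pid_hash[nr] : NULL;
}

/* Model of the fork path. 'pid' is the struct pid the caller allocated
 * (for the idle task the kernel passes &init_struct_pid itself).
 * use_fixed_check == 0: buggy order, test the child's pid pointer before attach.
 * use_fixed_check == 1: the fix from the message, test the allocated pid directly. */
static int model_fork(struct task *parent, struct task *child, struct pid *pid,
                      const char *comm, int use_fixed_check)
{
    *child = *parent;          /* dup_task_struct: child inherits parent's pid pointer */
    child->comm = comm;
    int skip_hash;
    if (use_fixed_check)
        skip_hash = (pid == &init_struct_pid);  /* correct: looks at the new pid */
    else
        skip_hash = is_idle_task(child);        /* BUG: still sees the parent's pid */
    child->pid = pid;          /* attach_pid(): only now does task_pid(child) change */
    if (!skip_hash && pid->nr > 0 && pid->nr < MAX_PIDS)
        pid_hash[pid->nr] = child;
    return pid->nr;
}

/* Spawn one child of the idle task with a fresh pid and report whether the
 * lookup by pid number succeeds (1) or yields NULL (0). */
static int spawn_task(int nr, int use_fixed_check)
{
    static struct task child;
    static struct pid  child_pid;
    child_pid.nr = nr;
    int pid = model_fork(&idle_task, &child, &child_pid, "child", use_fixed_check);
    return find_task_by_pid(pid) != NULL;
}

/* Reproduces the kthreadd_task setup from the message for a given check. */
static int spawn_kthreadd(int use_fixed_check)
{
    reset_model();
    return spawn_task(2, use_fixed_check);   /* kthreadd is pid 2 on a real system */
}

int main(void)
{
    printf("buggy check (before attach): kthreadd lookup %s\n",
           spawn_kthreadd(0) ? "ok" : "NULL");
    printf("fixed check (pid != &init_struct_pid): kthreadd lookup %s\n",
           spawn_kthreadd(1) ? "ok" : "NULL");
    return 0;
}
```

With the buggy ordering the lookup comes back NULL, which is exactly the value that is then dereferenced through kthreadd_task in the reported crash; with the check on the allocated pid the task is hashed and the lookup succeeds. The general lesson is that any predicate evaluated on a half-initialized object must only read fields that have already been set.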
Thread overview:
2013-10-20 2:50 [userns-always-map-user-v136] BUG: unable to handle kernel NULL pointer dereference at (null) Fengguang Wu
2013-10-20 4:04 ` Eric W. Biederman [this message]