Re: [RFC][PATCH] fix move/migrate_pages() race on task struct

From: Andi Kleen
Date: Thu Feb 23 2012 - 13:44:54 EST


Dave Hansen <dave@xxxxxxxxxxxxxxxxxx> writes:

> sys_move_pages() and sys_migrate_pages() are a pretty nice copy
> and paste job of each other. They both take a pid, find the task
> struct, and then grab a ref on the mm. They both also do an
> rcu_read_unlock() after they've taken the mm and then proceed to
> access 'task'. I think this is a bug in both cases.

Can we share code?


>
> This patch takes the pid-to-task code along with the credential
> and security checks in sys_move_pages() and sys_migrate_pages()
> and consolidates them. It now takes a task reference in
> the new function and requires the caller to drop it. I
> believe this resolves the race.

Looks good to me.

Reviewed-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>

BTW looks like we really need a better stress test for these
syscalls.

-Andi

--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only
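Added illustration of the reference-before-unlock pattern the quoted patch description calls for. This is not code from the patch or from the kernel: it is a sequential user-space C model in which a pid table and a reader counter stand in for find_task_by_vpid() and the RCU read side, and an explicit 'usage' counter stands in for the task_struct reference count (the kernel's get_task_struct()/put_task_struct()). Every model_* name, the pids and the table size are invented for the example.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical, sequential user-space model of the pid-to-task lookup in
 * sys_move_pages()/sys_migrate_pages(): a pid table plus reader counter stand
 * in for find_task_by_vpid() and the RCU read side, 'usage' for the
 * task_struct reference count. All model_* names are invented here. */

struct model_task {
    int pid;
    atomic_int usage;   /* references; the table holds one while alive */
};

#define MODEL_MAX_TASKS 8
static struct model_task *model_table[MODEL_MAX_TASKS];
static int model_rcu_readers;   /* rcu_read_lock() nesting depth */

static void model_rcu_read_lock(void)   { model_rcu_readers++; }
static void model_rcu_read_unlock(void) { model_rcu_readers--; }

/* Drop one reference; returns 1 if it was the last and t is now freed. */
int model_put_task(struct model_task *t)
{
    if (atomic_fetch_sub(&t->usage, 1) != 1)
        return 0;
    free(t);
    return 1;
}

/* Model of clone(): publish a task holding the table's own reference. */
int model_task_create(int pid)
{
    struct model_task *t = calloc(1, sizeof(*t));
    if (!t) return -1;
    t->pid = pid;
    atomic_init(&t->usage, 1);
    for (int i = 0; i < MODEL_MAX_TASKS; i++)
        if (!model_table[i]) {
            model_table[i] = t;
            return 0;
        }
    free(t);
    return -1;
}

/* Model of exit plus grace period: unlink, insist no reader is inside an RCU
 * section, drop the table's reference. 1 = freed here, 0 = a caller still
 * holds a reference, -1 = unknown pid. */
int model_task_exit(int pid)
{
    for (int i = 0; i < MODEL_MAX_TASKS; i++) {
        struct model_task *t = model_table[i];
        if (!t || t->pid != pid) continue;
        model_table[i] = NULL;
        if (model_rcu_readers != 0)
            abort();   /* a real grace period would wait here instead */
        return model_put_task(t);
    }
    return -1;
}

/* Stand-in for find_task_by_vpid(): result is valid only inside the section. */
static struct model_task *model_find_task_by_pid(int pid)
{
    for (int i = 0; i < MODEL_MAX_TASKS; i++)
        if (model_table[i] && model_table[i]->pid == pid)
            return model_table[i];
    return NULL;
}

/* The pattern the mail calls a bug: unlock before use, no reference taken. */
struct model_task *model_find_task_unsafe(int pid)
{
    model_rcu_read_lock();
    struct model_task *t = model_find_task_by_pid(pid);
    model_rcu_read_unlock();
    return t;   /* dangles as soon as the task exits */
}

/* The fix: take the reference inside the section; caller must put it. */
struct model_task *model_find_get_task(int pid)
{
    model_rcu_read_lock();
    struct model_task *t = model_find_task_by_pid(pid);
    if (t)
        atomic_fetch_add(&t->usage, 1);
    model_rcu_read_unlock();
    return t;
}

/* Scenario from the mail: the target exits between lookup and use. Returns 1
 * if 'task' stayed valid until the caller dropped its own reference. */
int model_demo(void)
{
    if (model_task_create(42) != 0)
        return 0;
    struct model_task *t = model_find_get_task(42);
    int freed_on_exit = model_task_exit(42);   /* 0: caller still holds one */
    return freed_on_exit == 0 && t->pid == 42 && model_put_task(t) == 1;
}

int main(void) { return model_demo() ? 0 : 1; }
```

The model keeps the two lookups side by side: model_find_task_unsafe() returns a pointer whose lifetime ends at the next exit, exactly the window the quoted description points at, while model_find_get_task() bumps the reference before leaving the read section, so a later exit only unlinks the task and the caller's put is what frees it. The abort() in model_task_exit() is where a real grace period would block; the sequential model cannot show the blocking, only that the invariant holds.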