Re: perf: use-after-free in perf_release

From: Oleg Nesterov
Date: Tue Mar 07 2017 - 09:06:07 EST

Next message: Alexander Potapenko: "[PATCH] net: initialize msg.msg_flags in recvfrom"
Previous message: Neil Armstrong: "[PATCH 2/3] pinctrl: meson-gxl: Fix inverted registers and add missing pins"
In reply to: Peter Zijlstra: "Re: perf: use-after-free in perf_release"
Next in thread: Dmitry Vyukov: "Re: perf: use-after-free in perf_release"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/06, Peter Zijlstra wrote:
>
> and this is a failed fork().
>
>
> However, inherited events don't have a filedesc to fput(), and
> similarly, a task that fails for has never been visible to attach a perf
> event to because it never hits the pid-hash.

Yes, it is not visible to find_task_by_vpid() until copy_process() does
attach_pid(PIDTYPE_PID), and copy_process() can't fail after that.

Oleg.

Next message: Alexander Potapenko: "[PATCH] net: initialize msg.msg_flags in recvfrom"
Previous message: Neil Armstrong: "[PATCH 2/3] pinctrl: meson-gxl: Fix inverted registers and add missing pins"
In reply to: Peter Zijlstra: "Re: perf: use-after-free in perf_release"
Next in thread: Dmitry Vyukov: "Re: perf: use-after-free in perf_release"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]