Re: Reply: [External Mail] Re: [PATCH 1/1] sched: fix user_mask double free

From: Waiman Long
Date: Thu Nov 24 2022 - 21:09:48 EST



On 11/24/22 07:04, Wenjie Li (Evan) wrote:
> Hi, Waiman.
>
> "The clearing of user_cpus_ptr is protected by pi_lock. IOW, racing between dup_user_cpus_ptr() and do_set_cpus_allowed is not possible and double free like what you have suggested should not happen." We still can't understand why it is impossible to happen, because we did indeed hit this issue. The following is what we got from ftrace.
>
> 1. Task A (pid 27961) runs on core6 and is forking/cloning task pid 28051, and task B (pid 28051) copies its task struct data from task A (pid 27961). So task A's p->user_cpus_ptr = ffffff884fbf9200 is equal to task B's p->user_cpus_ptr = ffffff884fbf9200, through arch_dup_task_struct.

You are right. I forgot the fact that the value of dst->user_cpus_ptr is a copy of src. I have posted a v3 patch to address that. Thanks for spotting that.

Cheers,
Longman
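The interleaving described in the thread, replayed as an added, stand-alone example (this is not kernel code and not the v1 or v3 patch; the `_model` functions, the fixed-size pool allocator and the sample mask value are all constructed for illustration). arch_dup_task_struct() is modelled as a plain struct copy, so the child starts out holding the parent's user_cpus_ptr. The parent then drops its mask before dup_user_cpus_ptr() runs. A dup_user_cpus_ptr() that returns early when src has no mask, as in the pre-fix shape, leaves that copied pointer in the child, and the child's exit frees the same block a second time. Clearing dst->user_cpus_ptr first, as the reply says v3 does, removes the stale copy. The real kernel path also takes src->pi_lock around the copy; the model is sequential, so the lock is omitted.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-in for the kernel's cpumask: a single 64-bit word. */
typedef struct { unsigned long bits; } cpumask_t;

/* Only the field this thread is about. */
struct task_struct {
    int pid;
    cpumask_t *user_cpus_ptr;
};

/*
 * Constructed pool allocator: blocks are never really released, so a
 * second free of the same block is counted instead of corrupting a heap.
 */
#define POOL 8
static cpumask_t pool[POOL];
static int in_use[POOL];
static int double_frees;

static cpumask_t *mask_alloc(void)
{
    for (int i = 0; i < POOL; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            pool[i].bits = 0;
            return &pool[i];
        }
    }
    return NULL;
}

static void mask_free(cpumask_t *m)
{
    if (!m)
        return;
    ptrdiff_t i = m - pool;
    if (i < 0 || i >= POOL)
        return;                 /* not one of ours */
    if (!in_use[i]) {
        double_frees++;         /* freed twice: the bug from the report */
        return;
    }
    in_use[i] = 0;
}

int live_count(void)
{
    int n = 0;
    for (int i = 0; i < POOL; i++)
        n += in_use[i];
    return n;
}

/* Models arch_dup_task_struct(): a shallow copy, pointer included. */
static void arch_dup_task_struct_model(struct task_struct *dst,
                                       struct task_struct *src)
{
    *dst = *src;
}

/* Models the parent (or an exiting task) dropping its user mask. */
static void clear_user_cpus_ptr_model(struct task_struct *p)
{
    cpumask_t *m = p->user_cpus_ptr;
    p->user_cpus_ptr = NULL;
    mask_free(m);
}

/* Pre-fix shape: assumes dst->user_cpus_ptr is still empty. */
static int dup_user_cpus_ptr_buggy(struct task_struct *dst,
                                   struct task_struct *src)
{
    if (!src->user_cpus_ptr)
        return 0;               /* dst keeps the pointer copied from src */
    dst->user_cpus_ptr = mask_alloc();
    if (!dst->user_cpus_ptr)
        return -1;
    *dst->user_cpus_ptr = *src->user_cpus_ptr;
    return 0;
}

/* Fixed shape: discard the copied pointer before anything else. */
static int dup_user_cpus_ptr_fixed(struct task_struct *dst,
                                   struct task_struct *src)
{
    dst->user_cpus_ptr = NULL;
    if (!src->user_cpus_ptr)
        return 0;
    dst->user_cpus_ptr = mask_alloc();
    if (!dst->user_cpus_ptr)
        return -1;
    *dst->user_cpus_ptr = *src->user_cpus_ptr;
    return 0;
}

/*
 * Replays the reported ordering as sequential steps: copy the task
 * struct, parent clears its mask, dup_user_cpus_ptr() runs, child exits.
 * Returns the number of double frees observed.
 */
int run_scenario(int use_fix)
{
    struct task_struct parent = { .pid = 27961 }, child = { .pid = 28051 };

    double_frees = 0;
    parent.user_cpus_ptr = mask_alloc();
    parent.user_cpus_ptr->bits = 0x3f;             /* constructed sample mask */

    arch_dup_task_struct_model(&child, &parent);   /* child shares the pointer */
    clear_user_cpus_ptr_model(&parent);            /* parent frees it first */
    if (use_fix)
        dup_user_cpus_ptr_fixed(&child, &parent);
    else
        dup_user_cpus_ptr_buggy(&child, &parent);
    clear_user_cpus_ptr_model(&child);             /* child exit: second free? */
    return double_frees;
}

int main(void)
{
    printf("pre-fix : double frees = %d\n", run_scenario(0));
    printf("fixed   : double frees = %d, live blocks = %d\n",
           run_scenario(1), live_count());
    return 0;
}
```

The check that matters is the order of the first two statements in dup_user_cpus_ptr(): the early return on a NULL src is only safe once dst has been cleared, because dst was produced by copying src at an earlier point in time.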