linux-mm.kvack.org archive mirror
From: Ingo Molnar <mingo@kernel.org>
To: Gavin Guo <gavin.guo@canonical.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	linux-mm@kvack.org, Jay Vosburgh <jay.vosburgh@canonical.com>,
	Liang Chen <liang.chen@canonical.com>,
	mgorman@suse.de, mingo@redhat.com, riel@redhat.com
Subject: Re: [PATCH V2] sched/numa: Fix use-after-free bug in the task_numa_compare
Date: Tue, 19 Jan 2016 10:35:35 +0100
Message-ID: <20160119093535.GA2458@gmail.com>
In-Reply-To: <CA+eFSM1AUYLeGmmBgEzz8PCFMgsmCuztQpOSy3OiT1_3453ozg@mail.gmail.com>


* Gavin Guo <gavin.guo@canonical.com> wrote:

> Hi Peter,
> 
> On Tue, Jan 19, 2016 at 1:13 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> > On Mon, Jan 18, 2016 at 11:24:21PM +0800, gavin.guo@canonical.com wrote:
> >> From: Gavin Guo <gavin.guo@canonical.com>
> >>
> >> The following message can be observed on the Ubuntu v3.13.0-65 with KASan
> >> backported:
> >
> > <snip>
> >
> >> As commit 1effd9f19324 ("sched/numa: Fix unsafe get_task_struct() in
> >> task_numa_assign()") points out, the rcu_read_lock() cannot protect the
> >> task_struct from being freed in the finish_task_switch(). And the bug
> >> happens in the process of calculation of imp which requires the access of
> >> p->numa_faults being freed in the following path:
> >>
> >> do_exit()
> >>         current->flags |= PF_EXITING;
> >>     release_task()
> >>         ~~delayed_put_task_struct()~~
> >>     schedule()
> >>     ...
> >>     ...
> >> rq->curr = next;
> >>     context_switch()
> >>         finish_task_switch()
> >>             put_task_struct()
> >>                 __put_task_struct()
> >>                   task_numa_free()
> >>
> > >> The fix here is to get_task_struct() early before end of dst_rq->lock to
> >> protect the calculation process and also put_task_struct() in the
> >> corresponding point if finally the dst_rq->curr somehow cannot be
> >> assigned.
> >>
> >> v1->v2:
> >> - Fix coding style suggested by Peter Zijlstra.
> >>
> >> Signed-off-by: Gavin Guo <gavin.guo@canonical.com>
> >> Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
> >
> > Argh, sorry for not noticing before; this SoB chain is not valid.
> >
> > > Gavin wrote (per From) and sent me the patch (per actual email headers),
> > so Liang never touched it.
> >
> > Should that be a reviewed-by for him?
> 
> Liang is also the co-author of the original patch, we figured out the code
> by parallel programming, part of the idea came from him. If SoB is
> not valid, can I change the line to the following?
> 
> Co-authored-by: Liang Chen <liangchen.linux@gmail.com>

So unless you guys shared the same keyboard at the same time, there's at least 
line granular authorship, right?

The main author (the guy who wrote the most code and comments) should be the 
'From' author - additional help can be credited in the changelog. If one of you 
wrote an initial version that the other one used, you can use something like:

 Originally-From: ...

Thanks,

	Ingo
