On Wed, Apr 13, 2016 at 11:11 AM, Jianyu Zhan <[email protected]> wrote:
>
> So I suspect there is a possible race:
>
>
> Parent:
>
> sys_execve
>   do_execve
>     do_execve_common
>       search_binary_handler
>         load_elf_binary
>           start_thread
>             start_thread_common
>               free_thread_xstate(current)
>                 fpu_free
>                   fpu->state = NULL
>
>
> Child:
>
> sys_clone
>   do_fork
>     copy_process
>       dup_task_struct
>         prepare_to_copy
>           unlazy_fpu
>             __save_init_fpu
>               fpu_save_init
>                 fpu_xsave(fpu) <---- fpu->state is NULL,
>                                      so it causes a NULL dereference.
>
Hmm, I am wrong, it is not Parent vs Child. It is: Parent executes sys_execve, and then right after that, executes sys_clone.

Regards,
Jianyu Zhan
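To make the suspected sequence concrete, here is a small user-space model added to this page; it is not kernel code and not from the thread's author. It uses hypothetical names (model_execve, model_unlazy_fpu, execve_then_clone) and a made-up `used` flag standing in for "this thread currently has live FPU state". The model runs execve followed by clone on one thread and reports whether the save path would touch fpu->state after execve has freed it and set it to NULL; the second run shows that clearing the flag at execve time makes the later save path skip the dereference.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the sequence in the mail: execve frees the
 * per-thread xstate buffer and leaves fpu->state NULL; a following clone
 * on the same thread runs the "save FPU state" path.
 * Hypothetical names, not the kernel's structures. */
struct xstate { unsigned char regs[64]; };

struct fpu {
    struct xstate *state;   /* NULL after the modelled free_thread_xstate() */
    int used;               /* models "thread has live FPU state to save" */
};

struct task { struct fpu fpu; };

static void fpu_alloc(struct fpu *fpu)
{
    fpu->state = calloc(1, sizeof *fpu->state);
    fpu->used = 1;
}

/* start_thread() -> free_thread_xstate(): buffer freed and pointer NULLed.
 * Whether the "used" flag is also cleared is the parameter under test. */
static void model_execve(struct task *t, int clear_used)
{
    free(t->fpu.state);
    t->fpu.state = NULL;
    if (clear_used)
        t->fpu.used = 0;
}

/* The save path reached from copy_process(): returns 1 if it would
 * dereference fpu->state while it is NULL, 0 if it saves or skips safely. */
static int model_unlazy_fpu(struct fpu *fpu)
{
    if (!fpu->used)
        return 0;            /* nothing to save: safe skip */
    if (fpu->state == NULL)
        return 1;            /* the NULL dereference the mail suspects */
    memset(fpu->state->regs, 0xAA, sizeof fpu->state->regs); /* stand-in for xsave */
    return 0;
}

/* Run execve followed by clone on one thread.
 * Returns 1 if the model hits the NULL dereference, 0 otherwise. */
int execve_then_clone(int execve_clears_used)
{
    struct task t;
    int bug;

    fpu_alloc(&t.fpu);
    model_execve(&t, execve_clears_used);
    bug = model_unlazy_fpu(&t.fpu);
    free(t.fpu.state);   /* free(NULL) is a no-op */
    return bug;
}

int main(void)
{
    printf("execve leaves 'used' set:  %s\n",
           execve_then_clone(0) ? "NULL deref" : "ok");
    printf("execve clears 'used' flag: %s\n",
           execve_then_clone(1) ? "NULL deref" : "ok");
    return 0;
}
```

The model only shows that the outcome hinges on what execve does to the per-thread "FPU in use" bookkeeping alongside freeing the buffer; it does not claim what the real kernel paths named in the mail do.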

