On 08/23, Eric Biggers wrote:
>
> From: Eric Biggers <ebigg...@google.com>
>
> Commit 7c051267931a ("mm, fork: make dup_mmap wait for mmap_sem for
> write killable") made it possible to kill a forking task while it is
> waiting to acquire its ->mmap_sem for write, in dup_mmap().  However, it
> was overlooked that this introduced an new error path before a reference
> is taken on the mm_struct's ->exe_file.

Hmm. Unless I am totally confused, the same problem with mm->exol_area?
I'll recheck....

> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -806,6 +806,7 @@ static struct mm_struct *mm_init(struct mm_struct *mm, 
> struct task_struct *p,
>       mm_init_cpumask(mm);
>       mm_init_aio(mm);
>       mm_init_owner(mm, p);
> +     RCU_INIT_POINTER(mm->exe_file, NULL);
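Review bot: the reason this NULL initialization is needed lives only in the commit message, so a one-line comment next to `RCU_INIT_POINTER(mm->exe_file, NULL);` (that dup_mmap() can now fail before it takes the exe_file reference, and mmput() on that error path drops whatever exe_file points at) would keep the line from reading as a redundant init. Alternatively, as the reply below suggests, taking the reference here instead of in dup_mmap() removes the window entirely and then needs no explanation.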

Can't we simply move

        RCU_INIT_POINTER(mm->exe_file, get_mm_exe_file(oldmm));

from dup_mmap() here? Afaics this doesn't need mmap_sem.

Good catch!

Oleg.
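
As an added illustration of the error path discussed in this thread (this is a toy model written for the example, not code from kernel/fork.c, and the struct layouts, helper names and the `reset_exe_file` flag are assumptions), the snippet below models a forking task that is killed while waiting in dup_mmap() before the exe_file reference is taken, and compares the parent's exe_file refcount after the failed fork with and without the patch's NULL initialization in mm_init():

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, minimal stand-ins for the kernel's refcounted file and mm. */
struct file { int f_count; };
struct mm_struct {
    struct file *exe_file;
    bool fatal_signal_pending;   /* constructed: true = the forking task is being killed */
};

static void get_file(struct file *f) { f->f_count++; }
static void fput(struct file *f)     { f->f_count--; }

/* Like get_mm_exe_file(): return exe_file with a reference taken on it. */
static struct file *get_mm_exe_file(struct mm_struct *mm)
{
    struct file *f = mm->exe_file;
    if (f)
        get_file(f);
    return f;
}

/* mmput() on the child: drop whatever exe_file the child mm claims to own. */
static void mmput(struct mm_struct *mm)
{
    if (mm->exe_file)
        fput(mm->exe_file);
    mm->exe_file = NULL;
    free(mm);
}

/* mm_init(): the reset_exe_file branch is the one-line fix from the patch. */
static struct mm_struct *mm_init(struct mm_struct *mm, bool reset_exe_file)
{
    if (reset_exe_file)
        mm->exe_file = NULL;       /* RCU_INIT_POINTER(mm->exe_file, NULL) */
    return mm;
}

/* dup_mmap(): the killable down_write() can now fail before exe_file is referenced. */
static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
{
    if (oldmm->fatal_signal_pending)
        return -EINTR;             /* new error path: reference not yet taken */
    mm->exe_file = get_mm_exe_file(oldmm);
    return 0;
}

/* dup_mm(): the child mm starts as a byte copy of the parent's (stale exe_file
 * pointer included, with no reference behind it), then is initialized and populated. */
static int dup_mm(struct mm_struct *oldmm, bool reset_exe_file)
{
    struct mm_struct *mm = malloc(sizeof *mm);
    if (!mm)
        return -ENOMEM;
    memcpy(mm, oldmm, sizeof *mm);
    mm_init(mm, reset_exe_file);
    int err = dup_mmap(mm, oldmm);
    mmput(mm);                     /* error path and normal teardown both end up here */
    return err;
}

/* Fork while a fatal signal is pending and report the parent's exe_file refcount
 * afterwards. The parent still holds its own reference, so the answer must be 1;
 * 0 means the failed fork dropped a reference it never took. */
int parent_exe_refs_after_killed_fork(bool with_fix)
{
    struct file exe = { .f_count = 1 };
    struct mm_struct oldmm = { .exe_file = &exe, .fatal_signal_pending = true };
    (void)dup_mm(&oldmm, with_fix);
    return exe.f_count;
}

/* Same fork without a pending signal: the child takes and then drops its own ref. */
int parent_exe_refs_after_normal_fork(bool with_fix)
{
    struct file exe = { .f_count = 1 };
    struct mm_struct oldmm = { .exe_file = &exe, .fatal_signal_pending = false };
    (void)dup_mm(&oldmm, with_fix);
    return exe.f_count;
}

int main(void)
{
    return parent_exe_refs_after_killed_fork(true) == 1 ? 0 : 1;
}
```

Without the fix the killed fork leaves the parent's exe_file at refcount 0 while the parent is still using it; with the NULL reset, mmput() on the error path has nothing to drop. Taking the reference in mm_init() instead, as suggested above, closes the same window because the pointer is then never a copy without a reference behind it.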
