On Mon, Oct 07, 2019 at 09:31:16AM +0200, Dmitry Vyukov wrote:
> On Mon, Oct 7, 2019 at 1:52 AM Christian Brauner
> <[email protected]> wrote:
> >
> > When assigning and testing taskstats in taskstats_exit() there's a race
> > when writing and reading sig->stats when a thread-group with more than
> > one thread exits:
> >
> > cpu0:
> > thread catches fatal signal and whole thread-group gets taken down
> > do_exit()
> > do_group_exit()
> > taskstats_exit()
> > taskstats_tgid_alloc()
> > The task reads sig->stats holding sighand lock seeing garbage.
> >
> > cpu1:
> > task calls exit_group()
> > do_exit()
> > do_group_exit()
> > taskstats_exit()
> > taskstats_tgid_alloc()
> > The task takes sighand lock and assigns new stats to sig->stats.
> >
> > Fix this by using READ_ONCE() and smp_store_release().
> >
> > Reported-by: [email protected]
> > Cc: Dmitry Vyukov <[email protected]>
> > Signed-off-by: Christian Brauner <[email protected]>
> > ---
> > /* v1 */
> > Link: https://lore.kernel.org/r/[email protected]
> >
> > /* v2 */
> > - Dmitry Vyukov <[email protected]>, Marco Elver <[email protected]>:
> >   - fix the original double-checked locking using memory barriers
> > ---
> >  kernel/taskstats.c | 19 ++++++++++---------
> >  1 file changed, 10 insertions(+), 9 deletions(-)
>
> Reviewed-by: Dmitry Vyukov <[email protected]>
Applied to:
https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=fixes

Should show up in linux-next tomorrow. Targeting v5.4-rc3. Cced stable.

Christian
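The double-checked publication the fix describes, as an added userspace model of taskstats_tgid_alloc() (not the kernel's code): C11 acquire/release atomics and a spinlock flag stand in for READ_ONCE()/smp_store_release() and sig->siglock, and the trimmed struct taskstats, the allocation counter and the demo function are assumptions for the example.

```c
/* Userspace model of the double-checked sig->stats publication. Not kernel
 * code: C11 atomics replace READ_ONCE()/smp_store_release(), an atomic_flag
 * replaces sig->siglock, and calloc() replaces kmem_cache_zalloc(). */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

struct taskstats { unsigned long long ac_etime, coremem; };   /* trimmed */

struct signal_struct {
    atomic_flag siglock;                    /* stand-in for sig->siglock */
    _Atomic(struct taskstats *) stats;      /* sig->stats, published once */
};

static int allocs;                          /* counts zalloc calls (demo) */

static struct taskstats *stats_zalloc(void)
{
    allocs++;
    return calloc(1, sizeof(struct taskstats));   /* zeroed, like zalloc */
}

/* Lockless fast path: the acquire load pairs with the release store below,
 * so a reader that sees a non-NULL pointer also sees the zeroed contents.
 * A plain read of sig->stats (the bug the patch fixes) may observe the new
 * pointer while the memory it points to still holds garbage. */
struct taskstats *taskstats_tgid_alloc(struct signal_struct *sig)
{
    struct taskstats *stats, *stats_new;

    stats = atomic_load_explicit(&sig->stats, memory_order_acquire);
    if (stats)
        return stats;

    stats_new = stats_zalloc();     /* several exiting threads may get here */
    if (!stats_new)
        return NULL;

    while (atomic_flag_test_and_set_explicit(&sig->siglock, memory_order_acquire))
        ;                           /* spin_lock_irq(&sig->siglock) */
    stats = atomic_load_explicit(&sig->stats, memory_order_relaxed);
    if (!stats) {                   /* second check, now under the lock */
        atomic_store_explicit(&sig->stats, stats_new, memory_order_release);
        stats = stats_new;
        stats_new = NULL;
    }
    atomic_flag_clear_explicit(&sig->siglock, memory_order_release);

    free(stats_new);                /* lost the race: drop the spare copy */
    return stats;
}

/* Demo: two exit paths on one thread group share one zeroed allocation. */
bool demo_two_exiting_threads(void)
{
    struct signal_struct sig = { .siglock = ATOMIC_FLAG_INIT, .stats = NULL };
    struct taskstats *a = taskstats_tgid_alloc(&sig);
    struct taskstats *b = taskstats_tgid_alloc(&sig);
    bool ok = a && a == b && a->ac_etime == 0 && allocs == 1;
    free(a);
    return ok;
}
```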

