| From 37df49f433bc3a11f5716fe65aaec5189c6402cb Mon Sep 17 00:00:00 2001 |
| From: Catalin Marinas <catalin.marinas@arm.com> |
| Date: Thu, 27 Oct 2016 17:46:47 -0700 |
| Subject: [PATCH] mm: kmemleak: ensure that the task stack is not freed during |
| scanning |
| |
| commit 37df49f433bc3a11f5716fe65aaec5189c6402cb upstream. |
| |
| Commit 68f24b08ee89 ("sched/core: Free the stack early if |
| CONFIG_THREAD_INFO_IN_TASK") may cause the task->stack to be freed |
| during kmemleak_scan() execution, leading to either a NULL pointer fault |
| (if task->stack is NULL) or kmemleak accessing already freed memory. |
| |
| This patch uses the new try_get_task_stack() API to ensure that the task |
| stack is not freed during kmemleak stack scanning. |
| |
| Addresses https://bugzilla.kernel.org/show_bug.cgi?id=173901. |
| |
| Fixes: 68f24b08ee89 ("sched/core: Free the stack early if CONFIG_THREAD_INFO_IN_TASK") |
| Link: http://lkml.kernel.org/r/1476266223-14325-1-git-send-email-catalin.marinas@arm.com |
| Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> |
| Reported-by: CAI Qian <caiqian@redhat.com> |
| Tested-by: CAI Qian <caiqian@redhat.com> |
| Acked-by: Michal Hocko <mhocko@suse.com> |
| Cc: Andy Lutomirski <luto@kernel.org> |
| Cc: CAI Qian <caiqian@redhat.com> |
| Cc: Hillf Danton <hillf.zj@alibaba-inc.com> |
| Cc: Oleg Nesterov <oleg@redhat.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| |
| diff --git a/mm/kmemleak.c b/mm/kmemleak.c |
| index a5e453cf05c4..e5355a5b423f 100644 |
| --- a/mm/kmemleak.c |
| +++ b/mm/kmemleak.c |
| @@ -1453,8 +1453,11 @@ static void kmemleak_scan(void) |
| |
| read_lock(&tasklist_lock); |
| do_each_thread(g, p) { |
| - scan_block(task_stack_page(p), task_stack_page(p) + |
| - THREAD_SIZE, NULL); |
| + void *stack = try_get_task_stack(p); |
| + if (stack) { |
| + scan_block(stack, stack + THREAD_SIZE, NULL); |
| + put_task_stack(p); |
| + } |
| } while_each_thread(g, p); |
| read_unlock(&tasklist_lock); |
| } |
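Review bot: `put_task_stack(p)` on the new line after `scan_block()` can be the final reference drop for a task that exited mid-scan, so the stack is released while `read_lock(&tasklist_lock)` is still held and this loop cannot sleep; that is only safe if the free path behind `put_task_stack()` never sleeps in this tree (vmap-backed stacks in particular), which is not visible in the hunk and worth confirming. The new get/put pair carries no comment explaining the lifetime hazard it guards against, so a later reader may see it as a redundant wrapper around `task_stack_page()`; I would add `/* Hold a stack reference: the task may exit and free its stack while we scan it. */` above the `try_get_task_stack()` call. Silently skipping a task whose stack is already gone (`stack == NULL`) is reasonable for a leak scanner, but a short comment on the `if (stack)` line stating that an exiting task's stack is intentionally not scanned would make that choice explicit rather than look like a missed error path. kmemleak_scan() begins before this hunk.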
| -- |
| 2.15.0 |
| |