queue/mm-kmemleak-ensure-that-the-task-stack-is-not-freed-.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-4.8 - Git at Google

 From 37df49f433bc3a11f5716fe65aaec5189c6402cb Mon Sep 17 00:00:00 2001
 From: Catalin Marinas <catalin.marinas@arm.com>
 Date: Thu, 27 Oct 2016 17:46:47 -0700
 Subject: [PATCH] mm: kmemleak: ensure that the task stack is not freed during
  scanning

 commit 37df49f433bc3a11f5716fe65aaec5189c6402cb upstream.

 Commit 68f24b08ee89 ("sched/core: Free the stack early if
 CONFIG_THREAD_INFO_IN_TASK") may cause the task->stack to be freed
 during kmemleak_scan() execution, leading to either a NULL pointer fault
 (if task->stack is NULL) or kmemleak accessing already freed memory.

 This patch uses the new try_get_task_stack() API to ensure that the task
 stack is not freed during kmemleak stack scanning.

 Addresses https://bugzilla.kernel.org/show_bug.cgi?id=173901.

 Fixes: 68f24b08ee89 ("sched/core: Free the stack early if CONFIG_THREAD_INFO_IN_TASK")
 Link: http://lkml.kernel.org/r/1476266223-14325-1-git-send-email-catalin.marinas@arm.com
 Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
 Reported-by: CAI Qian <caiqian@redhat.com>
 Tested-by: CAI Qian <caiqian@redhat.com>
 Acked-by: Michal Hocko <mhocko@suse.com>
 Cc: Andy Lutomirski <luto@kernel.org>
 Cc: CAI Qian <caiqian@redhat.com>
 Cc: Hillf Danton <hillf.zj@alibaba-inc.com>
 Cc: Oleg Nesterov <oleg@redhat.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

 diff --git a/mm/kmemleak.c b/mm/kmemleak.c
 index a5e453cf05c4..e5355a5b423f 100644
 --- a/mm/kmemleak.c
 +++ b/mm/kmemleak.c
 @@ -1453,8 +1453,11 @@ static void kmemleak_scan(void)

  		read_lock(&tasklist_lock);
  		do_each_thread(g, p) {
 -			scan_block(task_stack_page(p), task_stack_page(p) +
 -				   THREAD_SIZE, NULL);
 +			void *stack = try_get_task_stack(p);
 +			if (stack) {
 +				scan_block(stack, stack + THREAD_SIZE, NULL);
 +				put_task_stack(p);
 +			}
  		} while_each_thread(g, p);
  		read_unlock(&tasklist_lock);
  	}
 --
 2.15.0
	From 37df49f433bc3a11f5716fe65aaec5189c6402cb Mon Sep 17 00:00:00 2001
	From: Catalin Marinas <catalin.marinas@arm.com>
	Date: Thu, 27 Oct 2016 17:46:47 -0700
	Subject: [PATCH] mm: kmemleak: ensure that the task stack is not freed during
	scanning

	commit 37df49f433bc3a11f5716fe65aaec5189c6402cb upstream.

	Commit 68f24b08ee89 ("sched/core: Free the stack early if
	CONFIG_THREAD_INFO_IN_TASK") may cause the task->stack to be freed
	during kmemleak_scan() execution, leading to either a NULL pointer fault
	(if task->stack is NULL) or kmemleak accessing already freed memory.

	This patch uses the new try_get_task_stack() API to ensure that the task
	stack is not freed during kmemleak stack scanning.

	Addresses https://bugzilla.kernel.org/show_bug.cgi?id=173901.

	Fixes: 68f24b08ee89 ("sched/core: Free the stack early if CONFIG_THREAD_INFO_IN_TASK")
	Link: http://lkml.kernel.org/r/1476266223-14325-1-git-send-email-catalin.marinas@arm.com
	Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
	Reported-by: CAI Qian <caiqian@redhat.com>
	Tested-by: CAI Qian <caiqian@redhat.com>
	Acked-by: Michal Hocko <mhocko@suse.com>
	Cc: Andy Lutomirski <luto@kernel.org>
	Cc: CAI Qian <caiqian@redhat.com>
	Cc: Hillf Danton <hillf.zj@alibaba-inc.com>
	Cc: Oleg Nesterov <oleg@redhat.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

	diff --git a/mm/kmemleak.c b/mm/kmemleak.c
	index a5e453cf05c4..e5355a5b423f 100644
	--- a/mm/kmemleak.c
	+++ b/mm/kmemleak.c
	@@ -1453,8 +1453,11 @@ static void kmemleak_scan(void)

	read_lock(&tasklist_lock);
	do_each_thread(g, p) {
	- scan_block(task_stack_page(p), task_stack_page(p) +
	- THREAD_SIZE, NULL);
	+ void *stack = try_get_task_stack(p);
	+ if (stack) {
	+ scan_block(stack, stack + THREAD_SIZE, NULL);
	+ put_task_stack(p);
	+ }
	} while_each_thread(g, p);
	read_unlock(&tasklist_lock);
	}
	--
	2.15.0