Re: [PATCH] introduce put_pid_rcu() to fix unsafe put_pid(vc->vt_pid)

From: Oleg Nesterov
Date: Sun Dec 03 2006 - 16:29:56 EST


On 12/03, Andrew Morton wrote:
>
> On Sat, 2 Dec 2006 02:48:26 +0300
> Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > drivers/char/vt_ioctl.c changes vc->vt_pid doing
> >
> > put_pid(xchg(&vc->vt_pid, ...));
> >
> > This is unsafe, put_pid() can actually free the memory while vc->vt_pid is
> > still used by kill_pid(vc->vt_pid).
> >
> > Add a new helper, put_pid_rcu(), which frees "struct pid" via rcu callback
> > and convert vt_ioctl.c to use it.
> >
>
>
> I'm a bit reluctant to go adding more tricky infrastructure (especially
> 100% undocumented infrastructure) on behalf of a single usage site in a
> place as creepy as the VT ioctl code.
> If we envisage future users of this infrastructure (and if it gets
> documented) then OK.

It is a shame we can't use "struct pid*" lockless, note that "struct pid"
itself is rcu-protected. I hope we can find another usage for put_pid_rcu
(in fact I suggested it before, but didn't have a reason). However, I don't
see any other example immediately.

> Otherwise I'd rather just stick another bandaid into
> the vt code. Can we add some locking there,

Yes, this is possible, and probably we should do just this.

> or change it to use a
> task_struct* or something?

I don't think this is good. It was converted from task_struct* to pid*.

Eric, what do you think?

Oleg.
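
The race discussed in this message, as an added example that is not part of the original mail or of the kernel source: a single-threaded userspace model that replays the interleaving where a reader still holds the old `vc->vt_pid` value while the writer drops it, once with an immediate put and once with a put deferred until readers are gone. All names (`pid_model`, `put_model`, `put_model_rcu`, `reader_saw_freed`) are hypothetical, the grace period is simplified to "no readers remain", and the model assumes the reader stays inside a read-side section from loading the pointer to using it.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed userspace model; pid_model stands in for the kernel's struct pid. */
struct pid_model {
    int count;                  /* reference count */
    bool freed;                 /* recorded instead of calling free(), so it can be observed */
    struct pid_model *next;     /* link in the deferred-put queue */
};

static int readers;                 /* readers inside a read-side section */
static struct pid_model *deferred;  /* puts waiting for a grace period */

static void put_model(struct pid_model *p)      /* models put_pid() */
{
    if (p && --p->count == 0)
        p->freed = true;
}

static void put_model_rcu(struct pid_model *p)  /* models the proposed put_pid_rcu() */
{
    if (p) { p->next = deferred; deferred = p; }
}

static void read_lock_model(void) { readers++; }

static void read_unlock_model(void)
{
    if (--readers > 0)
        return;
    while (deferred) {          /* simplified grace period: no readers remain */
        struct pid_model *p = deferred;
        deferred = p->next;
        put_model(p);
    }
}

/* Replays one interleaving. Returns true if the reader's copy of the pointer
 * was already freed when it used it; *freed_at_end reports the final state. */
static bool reader_saw_freed(bool use_rcu_put, bool *freed_at_end)
{
    struct pid_model old = { .count = 1 }, repl = { .count = 1 };
    struct pid_model *slot = &old;          /* models vc->vt_pid */

    read_lock_model();
    struct pid_model *seen = slot;          /* reader loads vc->vt_pid for kill_pid() */
    struct pid_model *prev = slot;          /* writer: prev = xchg(&vc->vt_pid, repl) */
    slot = &repl;
    if (use_rcu_put) put_model_rcu(prev); else put_model(prev);
    bool dangling = seen->freed;            /* reader uses its copy */
    read_unlock_model();
    *freed_at_end = old.freed;
    (void)slot;
    return dangling;
}
```

With the immediate put the reader's copy is already released at the point of use; with the deferred put it stays valid until the reader leaves, and the object is still released afterwards in both cases.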
