Re: [BUG] Use of probe_kernel_address() in task_rcu_dereference() without checking return value
From: Oleg Nesterov
Date: Fri Aug 30 2019 - 11:24:25 EST
On 08/30, Russell King - ARM Linux admin wrote:
> which means that when probe_kernel_address() returns -EFAULT, the
> destination is left uninitialised. In the case of
> task_rcu_dereference(), this means that "siginfo" can be used without
> having been initialised,
Yes, but this is fine, please see the long comment below (case 2).
If probe_kernel_address() fails, "sighand" is not initialized. But this
doesn't differ from the case when we inspect the random value if this
task_struct was freed, then reallocated as another thing, then freed and
reallocated as task_struct again.
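The pattern under discussion, as an added user-space model that is not kernel code and not part of this thread: a probe helper that returns -EFAULT and leaves its destination untouched, beside a caller that pre-initialises the destination and checks the return value so that a failed probe is handled by the same test as a NULL or stale pointer. `struct fake_task`, `probe_read()`, `task_has_sighand()` and the `src_valid` flag are constructed for the example; the model covers only the uninitialised-destination point raised above, not the RCU reuse race the reply describes.

```c
/* Constructed model of the probe_kernel_address() return-value issue.
 * The probe may fail (-EFAULT) and deliberately leave *dst untouched,
 * so the caller must either check the return value or pre-initialise
 * the destination; this example does both. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for the one field of task_struct the discussion is about. */
struct fake_task {
    void *sighand;
};

/* Hypothetical probe: copies `size` bytes from src into dst, unless the
 * caller-supplied `src_valid` flag (simulating an unmapped or freed page)
 * says the source cannot be read, in which case dst is left as it was. */
static int probe_read(const void *src, void *dst, size_t size, int src_valid)
{
    if (!src_valid)
        return -EFAULT;
    memcpy(dst, src, size);
    return 0;
}

/* Reads task->sighand through the probe and reports whether it is non-NULL.
 * `sighand` is initialised before the probe, so a failed read cannot be
 * mistaken for a live pointer; the return code is checked as well. */
int task_has_sighand(const struct fake_task *task, int task_mem_valid)
{
    void *sighand = NULL;
    int rc = probe_read(&task->sighand, &sighand, sizeof(sighand), task_mem_valid);

    if (rc)             /* -EFAULT: memory unreadable, treat as no sighand */
        return 0;
    return sighand != NULL;
}

/* Stand-alone demonstration with three constructed cases. */
int main(void)
{
    int dummy;
    struct fake_task live = { .sighand = &dummy };
    struct fake_task exited = { .sighand = NULL };

    (void)task_has_sighand(&live, 1);    /* 1: readable, pointer set   */
    (void)task_has_sighand(&exited, 1);  /* 0: readable, pointer NULL  */
    (void)task_has_sighand(&live, 0);    /* 0: probe fails with -EFAULT */
    return 0;
}
```

The first case returns 1, the other two return 0; without the `= NULL` initialiser and the `rc` check, the third case would test whatever happened to be on the stack.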