Re: [userns-always-map-user-v136] BUG: unable to handle kernel NULL pointer dereference at (null)

[Eric W. Biederman]

Fengguang Wu <fengguang.wu@xxxxxxxxx> writes:

> Hi Eric,
>
> It's beyond me why this trivial patch will lead to kernel panic.  But
> the NULL pointer dereference bug is 100% reproducible since this
> commit.

My mistake apparently I failed to boot test that patch.

The problem crash is because
kthreadd_task == NULL.

kthreadd_task is NULL because this little sequence sets kthreadd_task to NULL

	pid = kernel_thread(kthreadd, NULL, CLONE_FS | CLONE_FILES);
	rcu_read_lock();
	kthreadd_task = find_task_by_pid_ns(pid, &init_pid_ns);
	rcu_read_unlock();

The lookup for kthreadd_task fails because when spawning kthread_task
with kernel_thread the is_idle_task(p) test in fork is reporting true,
so the pid is never placed into the pid hash table.

is_idle_task(p) is true because it is testing task_pid(p) two lines
before task_pid(p) is set.  So task_pid(p) is still it's parents value
and the parent of the kthreadd_task is the initial idle task.

So I should have just tested (pid != &init_struct_pid) sigh.  Silly me.

Fixed and pushed out.  That you for reporting this to me.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/