Re: KASAN: use-after-free Read in task_is_descendant

From: Oleg Nesterov
Date: Thu Oct 25 2018 - 12:26:01 EST


On 10/25, Oleg Nesterov wrote:
>
> Because our rcu read-lock critical section extends beyond the return from
> synchronize_rcu(), and thus we must have a full memory barrier _between_
> that synchronize_rcu() and our rcu_read_lock(). We must see all memory updates,
> including thread_pid = NULL which makes pid_alive() == F.

In case I was not clear...

Suppose we have int X = 0. If some CPU does

X = 1;
synchronize_rcu();

and another CPU does

rcu_read_lock();
x = X;
rcu_read_unlock();

then x should be == 1 in the case where rcu_read_unlock() happens _after_ the return
from synchronize_rcu().

Oleg.
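Oleg's X example, carried through as a runnable userspace model. This is an added example, not code from the mail or from the kernel. It assumes a deliberately simplified grace period that counts active readers (real RCU does not, but the ordering guarantee is the same), a hypothetical struct pid_like standing in for struct pid, and a POISON value written to the object in place of kfree() so that a reader touching it after the grace period is detectable. thread_pid plays the role of X: the writer stores NULL where Oleg stores 1. A reader that observes sync_done == 1 inside its critical section has its rcu_read_unlock() after synchronize_rcu() returned, so it must see thread_pid == NULL; the stale_ptr counter records violations of exactly that claim.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdio.h>

/* Toy grace period (added example, not kernel code): readers are counted and
 * synchronize_rcu() waits for the count to reach zero.  A reader whose critical
 * section is still open when synchronize_rcu() returns must therefore have
 * entered after the writer's update, and seq_cst atomics make it see it. */
static atomic_int readers_active;

static void rcu_read_lock(void)   { atomic_fetch_add(&readers_active, 1); }
static void rcu_read_unlock(void) { atomic_fetch_sub(&readers_active, 1); }
static void synchronize_rcu(void)
{
    while (atomic_load(&readers_active) != 0)   /* wait for pre-existing readers */
        sched_yield();
}

/* Hypothetical stand-in for struct pid; POISON plays the role of freed memory. */
struct pid_like { int alive; };
#define POISON      0xdead
#define NREADERS    4
#define EXTRA_ITERS 100   /* iterations each reader runs after seeing sync_done */

static struct pid_like the_pid = { .alive = 1 };
static struct pid_like *_Atomic thread_pid = &the_pid;  /* plays the role of X */
static atomic_int readers_started;
static atomic_int sync_done;      /* set once synchronize_rcu() has returned */

struct stats {
    long reads;          /* critical sections executed */
    long saw_sync_done;  /* sections whose unlock came after synchronize_rcu() returned */
    long stale_ptr;      /* such a section still saw the old pointer (Oleg's claim violated) */
    long uaf;            /* a reader touched "freed" memory */
};

static void *reader_fn(void *arg)
{
    struct stats *st = arg;
    int after = 0;

    atomic_fetch_add(&readers_started, 1);
    for (;;) {
        rcu_read_lock();
        struct pid_like *p = atomic_load(&thread_pid);   /* rcu_dereference() */
        int alive = p ? p->alive : 0;                    /* pid_alive() */
        int done  = atomic_load(&sync_done);             /* read inside the section */
        rcu_read_unlock();

        st->reads++;
        if (alive == POISON)
            st->uaf++;
        if (done) {
            /* done was seen before unlock, so unlock is after synchronize_rcu()
             * returned: this section must have seen thread_pid == NULL. */
            st->saw_sync_done++;
            if (p != NULL)
                st->stale_ptr++;
            if (++after > EXTRA_ITERS)
                break;
        }
    }
    return NULL;
}

static void *writer_fn(void *arg)
{
    (void)arg;
    while (atomic_load(&readers_started) < NREADERS)
        sched_yield();                                   /* let readers contend */

    struct pid_like *old = atomic_exchange(&thread_pid, NULL);  /* thread_pid = NULL */
    synchronize_rcu();          /* no reader can still hold 'old' */
    old->alive = POISON;        /* stands in for kfree(old) */
    atomic_store(&sync_done, 1);
    return NULL;
}

/* Runs the race once and returns the summed reader statistics. */
struct stats run_demo(void)
{
    pthread_t rd[NREADERS], wr;
    struct stats per[NREADERS] = {{0}}, total = {0};

    for (int i = 0; i < NREADERS; i++)
        pthread_create(&rd[i], NULL, reader_fn, &per[i]);
    pthread_create(&wr, NULL, writer_fn, NULL);
    pthread_join(wr, NULL);
    for (int i = 0; i < NREADERS; i++) {
        pthread_join(rd[i], NULL);
        total.reads += per[i].reads;
        total.saw_sync_done += per[i].saw_sync_done;
        total.stale_ptr += per[i].stale_ptr;
        total.uaf += per[i].uaf;
    }
    return total;
}

int main(void)
{
    struct stats s = run_demo();
    printf("reads=%ld after_sync=%ld stale_ptr=%ld uaf=%ld\n",
           s.reads, s.saw_sync_done, s.stale_ptr, s.uaf);
    return (s.stale_ptr || s.uaf) ? 1 : 0;
}
```

Why stale_ptr stays zero is the same argument as in the mail: if a reader loaded the old pointer before the writer's exchange, its rcu_read_lock() was already counted, so synchronize_rcu() cannot return (and sync_done cannot become 1) until that reader unlocks; if the reader entered after the exchange, the seq_cst ordering between the writer's store and the reader's load means it sees NULL. Remove the wait in synchronize_rcu() (or drop the reader count from rcu_read_lock()) and the uaf counter can become non-zero, which is the userspace shape of the KASAN report this thread is about.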