Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns

From: Christian Brauner
Date: Tue Jul 25 2023 - 08:48:10 EST

Next message: kernel test robot: "arch/powerpc/mm/book3s64/pgtable.c:422:6: error: no previous prototype for 'arch_report_meminfo'"
Previous message: Stefano Garzarella: "Re: [PATCH net-next v3 4/4] vsock/virtio: MSG_ZEROCOPY flag support"
In reply to: Xuewen Yan: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Next in thread: Xuewen Yan: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 25, 2023 at 08:24:18PM +0800, Xuewen Yan wrote:
> On Tue, Jul 25, 2023 at 4:49 PM Christian Brauner <brauner@xxxxxxxxxx> wrote:
> >
> > On Thu, Jul 13, 2023 at 03:17:13PM +0800, Xuewen Yan wrote:
> > > There is no the judgment of whether namspace is NULL in find_pid_ns.
> > > But there is a corner case when ns is null, for example: if user
> > > call find_get_pid when current is in exiting, the following stack would
> > > set thread_id be null:
> > > release_task
> > > __exit_signal(p);
> > > __unhash_process(tsk, group_dead);
> > > detach_pid(p, PIDTYPE_PID);
> > > __change_pid(task, type, NULL);
> > >
> > > If user call find_get_pid at now, in find_vpid function, the
> >
> > I fail to see how this can happen. The code you're referencing is in
> > release_task(). If current has gone through that then current obviously
> > can't call find_vpid() on itself anymore or anything else for that
> > matter.
>
> This happened when user calls find_vpid() in irq.
>
> [72117.635162] Call trace:
> [72117.635595] idr_find+0xc/0x24
> [72117.636103] find_get_pid+0x40/0x68
> [72117.636812] send_event+0x88/0x180 [demux]
> [72117.637593] vbvop_copy_data+0x150/0x344 [demux]
> [72117.638434] dmisr_video_parsing_mpeg12+0x29c/0x42c [demux]
> [72117.639393] dmisr_video_parsing_switch+0x68/0xec [demux]
> [72117.640332] dmisr_handle_video_pes+0x10c/0x26c [demux]
> [72117.641108] tasklet_action_common+0x130/0x224
> [72117.641784] tasklet_action+0x28/0x34
> [72117.642366] __do_softirq+0x128/0x4dc
> [72117.642944] irq_exit+0xf8/0xfc
> [72117.643459] __handle_domain_irq+0xb0/0x108
> [72117.644102] gic_handle_irq+0x6c/0x124
> [72117.644691] el1_irq+0x108/0x200
> [72117.645217] _raw_write_unlock_irq+0x2c/0x5c
> [72117.645870] release_task+0x144/0x1ac <<<<<<
> [72117.646447] do_exit+0x524/0x94c
> [72117.646970] __do_sys_exit_group+0x0/0x14
> [72117.647591] do_group_exit+0x0/0xa0
> [72117.648146] __se_sys_exit+0x0/0x20
> [72117.648704] el0_svc_common+0xcc/0x1bc
> [72117.649292] el0_svc_handler+0x2c/0x3c
> [72117.649881] el0_svc+0x8/0xc
>
> In release_task, write_unlock_irq(&tasklist_lock) will open irq, at
> this time, if user calls find_get_pid() in irq, because
> current->thread_id is NULL,
> it will handle the NULL pointer.

Uhm, where is that code from? This doesn't seem to be upstream.

Next message: kernel test robot: "arch/powerpc/mm/book3s64/pgtable.c:422:6: error: no previous prototype for 'arch_report_meminfo'"
Previous message: Stefano Garzarella: "Re: [PATCH net-next v3 4/4] vsock/virtio: MSG_ZEROCOPY flag support"
In reply to: Xuewen Yan: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Next in thread: Xuewen Yan: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]