Message ID | 1561671168-29896-1-git-send-email-opendmb@gmail.com (mailing list archive) |
---|---|
State | Mainlined |
Commit | c51bc12d06b3a5494fbfcbd788a8e307932a06e9 |
Series | ARM: mm: only adjust sections of valid mm structures |
On 6/27/19 2:32 PM, Doug Berger wrote: > A timing hazard exists when an early fork/exec thread begins > exiting and sets its mm pointer to NULL while a separate core > tries to update the section information. > > This commit ensures that the mm pointer is not NULL before > setting its section parameters. The arguments provided by > commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking > from update_sections_early()") are equally valid for not > requiring grabbing the task_lock around this check. This looks like an appropriate fix to me. For what it is worth, we were able to reproduce this problem with a 4.9 kernel with: CONFIG_UEVENT_HELPER=y CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" It is made much more reliable with a lower default loglevel (e.g.: 1) than the default log level, but if you have e.g.: an USB thumb drive that needs to be scanned by the SCSI layer, then this is 100% reliable. > > Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments") > Signed-off-by: Doug Berger <opendmb@gmail.com> > --- > arch/arm/mm/init.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c > index be0b42937888..bdc70dff477b 100644 > --- a/arch/arm/mm/init.c > +++ b/arch/arm/mm/init.c > @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n) > if (t->flags & PF_KTHREAD) > continue; > for_each_thread(t, s) > - set_section_perms(perms, n, true, s->mm); > + if (s->mm) > + set_section_perms(perms, n, true, s->mm); > } > set_section_perms(perms, n, true, current->active_mm); > set_section_perms(perms, n, true, &init_mm); >
On 6/27/19 5:32 PM, Doug Berger wrote: > A timing hazard exists when an early fork/exec thread begins > exiting and sets its mm pointer to NULL while a separate core > tries to update the section information. > > This commit ensures that the mm pointer is not NULL before > setting its section parameters. The arguments provided by > commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking > from update_sections_early()") are equally valid for not > requiring grabbing the task_lock around this check. > > Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments") > Signed-off-by: Doug Berger <opendmb@gmail.com> > --- > arch/arm/mm/init.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c > index be0b42937888..bdc70dff477b 100644 > --- a/arch/arm/mm/init.c > +++ b/arch/arm/mm/init.c > @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n) > if (t->flags & PF_KTHREAD) > continue; > for_each_thread(t, s) > - set_section_perms(perms, n, true, s->mm); > + if (s->mm) > + set_section_perms(perms, n, true, s->mm); > } > set_section_perms(perms, n, true, current->active_mm); > set_section_perms(perms, n, true, &init_mm); > Acked-by: Laura Abbott <labbott@redhat.com>
On Thu, Jun 27, 2019 at 11:33 PM Doug Berger <opendmb@gmail.com> wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
>
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.
>
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@gmail.com>

Cc: stable@vger.kernel.org ?

I'm not smart enough to say whether it is the right solution, but I also want to test this on some boards I have. I suspect this may be part of the problem I have with mounting root on a USB stick on some early mpcore machines, so I might come back with a Tested-by.

Yours,
Linus Walleij
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c index be0b42937888..bdc70dff477b 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n) if (t->flags & PF_KTHREAD) continue; for_each_thread(t, s) - set_section_perms(perms, n, true, s->mm); + if (s->mm) + set_section_perms(perms, n, true, s->mm); } set_section_perms(perms, n, true, current->active_mm); set_section_perms(perms, n, true, &init_mm);
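Review bot: In the added `if (s->mm)` lines inside for_each_thread(), s->mm is loaded once for the test and again as the argument to set_section_perms(), and the commit message describes another thread setting that pointer to NULL, so the check is only sound if the pointer cannot change between the two loads. The message defers to 11ce4b33aedc for why task_lock is not needed, but nothing at the call site records that reasoning; consider reading the pointer once into a local (`struct mm_struct *mm = s->mm;`) and testing that, or adding a short comment above the check saying why the value is stable here. As a style point, the for_each_thread() body is now a two-line if statement without braces, and bracing it would make the loop scope explicit.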
A timing hazard exists when an early fork/exec thread begins
exiting and sets its mm pointer to NULL while a separate core
tries to update the section information.

This commit ensures that the mm pointer is not NULL before
setting its section parameters. The arguments provided by
commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
from update_sections_early()") are equally valid for not
requiring grabbing the task_lock around this check.

Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
Signed-off-by: Doug Berger <opendmb@gmail.com>
---
 arch/arm/mm/init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)