Re: Possible race in copy of fpu->state in copy_process against the exeve'ing parent?

From: Jianyu Zhan
Date: Tue Apr 12 2016 - 23:20:17 EST

Next message: Andrew Vagin: "Re: [PATCH 04/15] task_diag: add a new interface to get information about tasks (v4)"
Previous message: Mike Galbraith: "Re: sched: tweak select_idle_sibling to look for idle threads"
In reply to: Jianyu Zhan: "Possible race in copy of fpu->state in copy_process against the exeve'ing parent?"
Next in thread: Ingo Molnar: "Re: Possible race in copy of fpu->state in copy_process against the exeve'ing parent?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 13, 2016 at 11:11 AM, Jianyu Zhan <nasa4836@xxxxxxxxx> wrote:
>
> So I suspect there is a possible race:
>
>
> Parent:
>
> sys_execve
> do_execve
> do_execve_common
> search_binary_handler
> load_elf_binary
> start_thread
> start_thread_common
> free_thread_xstate(current)
> fpu_free
> fpu->state = NULL
>
>
> Child:
>
> sys_clone
> do_fork
> copy_process
> dup_task_struct
> prepare_to_copy
> unlazy_fpu
> __save_init_fpu
> fpu_save_init
> fpu_xsave(fpu) <---- fpu->sate is NULL,
> so cause a
> NULL
> dereference.
>

Hmm, I am wrong, it is not Parent vs Child.

It is : Parent executes sys_execuve, and then right after that,
executes sys_clone.

Regards,
Jianyu Zhan

Next message: Andrew Vagin: "Re: [PATCH 04/15] task_diag: add a new interface to get information about tasks (v4)"
Previous message: Mike Galbraith: "Re: sched: tweak select_idle_sibling to look for idle threads"
In reply to: Jianyu Zhan: "Possible race in copy of fpu->state in copy_process against the exeve'ing parent?"
Next in thread: Ingo Molnar: "Re: Possible race in copy of fpu->state in copy_process against the exeve'ing parent?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]