Re: [PATCH-tip] sched: Don't call kfree() in do_set_cpus_allowed()

From: Peter Zijlstra
Date: Mon Nov 21 2022 - 05:39:16 EST

Next message: syzbot: "[syzbot] KASAN: use-after-free Read in __unmap_hugepage_range_final"
Previous message: Laurent Pinchart: "Re: [PATCH v3 02/14] dt-bindings: media: rkisp1: Add i.MX8MP ISP example"
In reply to: Waiman Long: "[PATCH-tip] sched: Don't call kfree() in do_set_cpus_allowed()"
Next in thread: Waiman Long: "Re: [PATCH-tip] sched: Don't call kfree() in do_set_cpus_allowed()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 18, 2022 at 02:33:02PM -0500, Waiman Long wrote:
> Commit 851a723e45d1 ("sched: Always clear user_cpus_ptr in
> do_set_cpus_allowed()") may call kfree() if user_cpus_ptr was previously
> set. Unfortunately, some of the callers of do_set_cpus_allowed()

'some' ? There's only 3 or so, which one triggers this?

> may not be in a context where kfree() can be safely called. So the
> following splats may be printed:
>
> WARNING: possible circular locking dependency detected
> BUG: sleeping function called from invalid context
>
> To avoid these problems without leaking memory, the free cpumask is now
> put into a lockless list to be reused in a later sched_setaffinity()
> call instead.

Urgh.. depending on which of the callsites it is, it's probably simpler
to just rework the caller to not use do_set_cpus_allowed(), no?

Next message: syzbot: "[syzbot] KASAN: use-after-free Read in __unmap_hugepage_range_final"
Previous message: Laurent Pinchart: "Re: [PATCH v3 02/14] dt-bindings: media: rkisp1: Add i.MX8MP ISP example"
In reply to: Waiman Long: "[PATCH-tip] sched: Don't call kfree() in do_set_cpus_allowed()"
Next in thread: Waiman Long: "Re: [PATCH-tip] sched: Don't call kfree() in do_set_cpus_allowed()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]