Re: [syzbot] WARNING: locking bug in umh_complete

From: Peter Zijlstra
Date: Fri Feb 03 2023 - 09:32:17 EST


On Fri, Feb 03, 2023 at 09:59:51PM +0900, Tetsuo Handa wrote:
> On 2023/02/03 21:30, Peter Zijlstra wrote:
> >> I think the right fix is to:
> >>
> >> state &= ~TASK_KILLABLE;
> >
> > state &= ~__TASK_WAKEKILL;
> >
> > we don't want to mask out UNINTERRUPTIBLE, that would be bad.
>
> This code was made killable as a solution for CVE-2012-4398.
> Although the OOM reaper is available today, making it unkillable again is not smart.

Yes, I meant something like so.


diff --git a/kernel/umh.c b/kernel/umh.c
index 850631518665..0e69e1e4b6fe 100644
--- a/kernel/umh.c
+++ b/kernel/umh.c
@@ -438,21 +438,24 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
if (wait == UMH_NO_WAIT) /* task has freed sub_info */
goto unlock;

- if (wait & UMH_KILLABLE)
- state |= TASK_KILLABLE;
-
- if (wait & UMH_FREEZABLE)
+ if (wait & UMH_FREEZABLE) {
state |= TASK_FREEZABLE;

- retval = wait_for_completion_state(&done, state);
- if (!retval)
- goto wait_done;
-
if (wait & UMH_KILLABLE) {
+ retval = wait_for_completion_state(&done, state | TASK_KILLABLE);
+ if (!retval)
+ goto wait_done;
+
/* umh_complete() will see NULL and free sub_info */
if (xchg(&sub_info->complete, NULL))
goto unlock;
+
+ /*
+ * fallthrough; in case of -ERESTARTSYS now do uninterruptible
+ * wait_for_completion().
+ */
}
+ wait_for_completion_state(&done, state);

wait_done:
retval = sub_info->retval;
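
Review bot: the `{` added on `if (wait & UMH_FREEZABLE) {` is never closed in this hunk. The only `}` that follows closes the `if (wait & UMH_KILLABLE)` block, so as posted the braces are unbalanced and the killable wait reads as nested under the freezable check. The body is the single statement `state |= TASK_FREEZABLE;`, so the brace can simply be dropped. A smaller point on the new comment: it describes the fall-through as the -ERESTARTSYS case, but that path is only reached when `xchg(&sub_info->complete, NULL)` returns NULL, and the non-killable path now reaches the same final `wait_for_completion_state(&done, state)` as well. Saying both in the comment would make it clear why the second wait is entered without TASK_KILLABLE and why its return value is ignored.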