Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns

From: Xuewen Yan
Date: Tue Jul 25 2023 - 08:24:33 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH V2 1/4] ASoC: codecs: Add code for bin parsing compatible with aw88261"
Previous message: Zhang Jianhua: "[PATCH -next v3] arm64: fix build warning for ARM64_MEMSTART_SHIFT"
In reply to: Christian Brauner: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Next in thread: Christian Brauner: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 25, 2023 at 4:49 PM Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> On Thu, Jul 13, 2023 at 03:17:13PM +0800, Xuewen Yan wrote:
> > There is no the judgment of whether namspace is NULL in find_pid_ns.
> > But there is a corner case when ns is null, for example: if user
> > call find_get_pid when current is in exiting, the following stack would
> > set thread_id be null:
> > release_task
> > __exit_signal(p);
> > __unhash_process(tsk, group_dead);
> > detach_pid(p, PIDTYPE_PID);
> > __change_pid(task, type, NULL);
> >
> > If user call find_get_pid at now, in find_vpid function, the
>
> I fail to see how this can happen. The code you're referencing is in
> release_task(). If current has gone through that then current obviously
> can't call find_vpid() on itself anymore or anything else for that
> matter.

This happened when user calls find_vpid() in irq.

[72117.635162] Call trace:
[72117.635595] idr_find+0xc/0x24
[72117.636103] find_get_pid+0x40/0x68
[72117.636812] send_event+0x88/0x180 [demux]
[72117.637593] vbvop_copy_data+0x150/0x344 [demux]
[72117.638434] dmisr_video_parsing_mpeg12+0x29c/0x42c [demux]
[72117.639393] dmisr_video_parsing_switch+0x68/0xec [demux]
[72117.640332] dmisr_handle_video_pes+0x10c/0x26c [demux]
[72117.641108] tasklet_action_common+0x130/0x224
[72117.641784] tasklet_action+0x28/0x34
[72117.642366] __do_softirq+0x128/0x4dc
[72117.642944] irq_exit+0xf8/0xfc
[72117.643459] __handle_domain_irq+0xb0/0x108
[72117.644102] gic_handle_irq+0x6c/0x124
[72117.644691] el1_irq+0x108/0x200
[72117.645217] _raw_write_unlock_irq+0x2c/0x5c
[72117.645870] release_task+0x144/0x1ac <<<<<<
[72117.646447] do_exit+0x524/0x94c
[72117.646970] __do_sys_exit_group+0x0/0x14
[72117.647591] do_group_exit+0x0/0xa0
[72117.648146] __se_sys_exit+0x0/0x20
[72117.648704] el0_svc_common+0xcc/0x1bc
[72117.649292] el0_svc_handler+0x2c/0x3c
[72117.649881] el0_svc+0x8/0xc

In release_task, write_unlock_irq(&tasklist_lock) will open irq, at
this time, if user calls find_get_pid() in irq, because
current->thread_id is NULL,
it will handle the NULL pointer.

BR
---
xuewen

Next message: Krzysztof Kozlowski: "Re: [PATCH V2 1/4] ASoC: codecs: Add code for bin parsing compatible with aw88261"
Previous message: Zhang Jianhua: "[PATCH -next v3] arm64: fix build warning for ARM64_MEMSTART_SHIFT"
In reply to: Christian Brauner: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Next in thread: Christian Brauner: "Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]