| author | Vijayanand Jitta <vjitta@codeaurora.org> | 2019-10-23 10:03:55 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2020-09-14 22:09:55 -0700 |
| commit | 90cbaf5095aa53f37dca49c4e5b2593518cfa955 (patch) | |
| tree | e6361995fe4566610d25c7a722b30fd13ccabceb /fs/xfs/xfs_rtalloc.c | |
| parent | 353b81f1fbec379322908cec16dcb7f6b3167fb6 (diff) | |
ANDROID: Take reference to task_struct with in the rcu section

An issue is reported where the following sequence occurred:

1) In lowmem_scan path, task to kill gets selected and SIGKILL
   is sent.
2) Task receives the signal or it can already be in its exit path
   and it does put_task_struct which makes cred as NULL.
3) Now in lowmem_scan path get_task_struct is done followed by
   put_task_struct which will result in accessing cred which is
   already NULL.

Unable to handle kernel NULL pointer dereference at virtual address
00000000
...
PC is at exit_creds+0x1c/0x70
LR is at __put_task_struct+0x44/0x134
[<000000003316722f>] exit_creds+0x1c/0x70
[<000000004966ea42>] __put_task_struct+0x44/0x134
[<000000004fa7fb71>] lowmem_scan+0x6f8/0x1078
[<000000007d2818cd>] shrink_slab.part.65+0x1fc/0x4e8
[<00000000cb140f16>] shrink_node+0x9c/0x20c
[<00000000afe7461e>] kswapd+0x28c/0x534
[<000000003df446ee>] kthread+0xe0/0xf4
[<00000000f357571f>] ret_from_fork+0x10/0x20

To avoid this, take reference to task struct within the rcu section
so that the task_struct remains intact.

Change-Id: I2752cb17768cc6011502688212040bf90b0c56e7
Signed-off-by: Vijayanand Jitta <vjitta@codeaurora.org>

Diffstat (limited to 'fs/xfs/xfs_rtalloc.c')
0 files changed, 0 insertions, 0 deletions
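
The sequence in steps 1 to 3 of the commit message, as an added example that is not part of the commit or the kernel source: a single-threaded user-space C model with the event order fixed to match the report. `struct model_task`, `model_get`, `model_put`, `model_release` and `run_lowmem_scan_model` are hypothetical stand-ins for the kernel's task_struct reference counting, and the comments marking the rcu section are assumptions about where the lock boundaries sit.

```c
/* Simplified user-space model, not kernel code; all names are stand-ins. */
#include <stdio.h>
#include <stddef.h>

struct model_task {
    int usage;           /* reference count on the task */
    const char *cred;    /* stands in for the task's cred pointer */
    int null_cred_hits;  /* times release ran with cred already NULL */
};

static void model_release(struct model_task *t)
{
    if (t->cred == NULL)     /* where the report shows exit_creds faulting */
        t->null_cred_hits++;
    t->cred = NULL;          /* step 2: the final put makes cred NULL */
}

static void model_get(struct model_task *t) { t->usage++; }

static void model_put(struct model_task *t)
{
    if (--t->usage == 0)
        model_release(t);
}

/* ref_in_rcu == 0: reference taken after the section (reported sequence).
 * ref_in_rcu == 1: reference taken inside the section (the described fix).
 * Returns how many times release ran on an already-NULL cred. */
int run_lowmem_scan_model(int ref_in_rcu)
{
    struct model_task t = { 1, "cred", 0 };
    struct model_task *selected;

    /* modelled rcu read section: victim selected, SIGKILL sent (step 1) */
    selected = &t;
    if (ref_in_rcu)
        model_get(selected);   /* usage 1 -> 2 while the task is intact */
    /* modelled end of rcu read section */

    model_put(&t);             /* step 2: victim's exit path drops its ref */
    if (!ref_in_rcu)
        model_get(selected);   /* step 3: too late, usage goes 0 -> 1 */
    model_put(selected);       /* scan path drops its reference */
    return t.null_cred_hits;
}

int main(void)
{
    printf("reference after rcu section:  %d\n", run_lowmem_scan_model(0));
    printf("reference inside rcu section: %d\n", run_lowmem_scan_model(1));
    return 0;
}
```

With the late reference the release path runs twice and the second run sees the NULL cred; with the reference taken inside the section it runs once, after both holders have dropped their references.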
