All of lore.kernel.org
 help / color / mirror / Atom feed
From: Oleg Nesterov <oleg@redhat.com>
To: "Serge E. Hallyn" <serge@hallyn.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	David Howells <dhowells@redhat.com>,
	"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
	Tobias Klauser <tklauser@distanz.ch>,
	Greg Kroah-Hartman <gregkh@suse.de>,
	Matt Mooney <mfm@muteddisk.com>
Cc: "Serge E. Hallyn" <serge.hallyn@canonical.com>,
	lkml <linux-kernel@vger.kernel.org>,
	richard@nod.at, "Eric W. Biederman" <ebiederm@xmission.com>,
	Tejun Heo <tj@kernel.org>
Subject: drivers/staging/usbip/ abuses task_is_dead/exit_state
Date: Tue, 20 Sep 2011 17:14:10 +0200	[thread overview]
Message-ID: <20110920151410.GA16569@redhat.com> (raw)
In-Reply-To: <20110920143942.GB15859@redhat.com>

(add more cc's)

On 09/20, Oleg Nesterov wrote:
>
> Unfortunately, we can't kill task_is_dead() right now, it has already
> found the users in drivers/staging/, and I bet the usage is wrong.

It is used by drivers/staging/usbip/

For what? The code:

	if (vdev->ud.tcp_rx && !task_is_dead(vdev->ud.tcp_rx))
		kthread_stop(vdev->ud.tcp_rx);

And how task_is_dead() can help? This helper is really "special", it
shouldn't be used anyway. But why do we check ->exit_state? Without
tasklist the check is racy anyway, the task can exit right after the
check.

And. It is safe to use kthread_stop(t) even if t has already exited.

OK, this was added by 8547d4cc2b616e4f1dafebe2c673fc986422b506
"Staging: usbip: vhci-hcd: Do not kill already dead RX/TX kthread"

	When unbinding a device on the host which was still attached on the
	client, I got a NULL pointer dereference on the client.

Where?

	This turned out
	to be due to kthread_stop() being called on an already dead kthread.

This should work.

I'm afraid this can only fix the symptom. Probably, the problem is that
we do not have the reference and thus even task_is_dead(t) is not safe.

This kthread was created by kthread_run(). If it exits, nothing protects
this task_struct.

In any case, please do not use ->exit_state. It should not be used outside
of exit.c/etc paths, "exit_state != 0" means "exit_notify() was called".

Oleg.


  reply	other threads:[~2011-09-20 15:18 UTC|newest]

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-19 21:45 [PATCH] user namespace: make signal.c respect user namespaces Serge E. Hallyn
2011-09-19 21:47 ` [PATCH] user namespace: usb: make usb urbs user namespace aware Serge E. Hallyn
2011-09-20 13:17   ` Oleg Nesterov
2011-09-20 13:33     ` Serge E. Hallyn
2011-09-21  5:01     ` [PATCH] user namespace: usb: make usb urbs user namespace aware (v2) Serge E. Hallyn
2011-09-21 18:31       ` Oleg Nesterov
2011-09-21 19:12         ` Serge E. Hallyn
2011-09-21 19:18           ` Greg KH
2011-09-23  1:27             ` [PATCH resend] " Serge E. Hallyn
2011-09-23 15:48               ` Alan Stern
2011-09-23 16:06                 ` Serge E. Hallyn
2011-09-23 16:21                   ` Alan Stern
2011-09-23 17:22                     ` Serge E. Hallyn
2011-09-23 18:35                       ` Alan Stern
2011-09-20 12:22 ` [PATCH] user namespace: make signal.c respect user namespaces Oleg Nesterov
2011-09-20 12:44   ` Serge E. Hallyn
2011-09-20 13:41     ` Oleg Nesterov
2011-09-20 14:39       ` [PATCH 0/2] (Was: user namespace: make signal.c respect user namespaces) Oleg Nesterov
2011-09-20 14:39         ` [PATCH 1/2] creds: kill __task_cred()->task_is_dead() check Oleg Nesterov
2011-09-20 15:14           ` Oleg Nesterov [this message]
2011-09-20 18:38             ` drivers/staging/usbip/ abuses task_is_dead/exit_state Greg KH
2012-03-06 17:39               ` ping: " Oleg Nesterov
2012-03-06 19:30                 ` Tobias Klauser
2012-03-08 18:57                   ` Oleg Nesterov
2012-03-13 11:45                     ` Tobias Klauser
2012-03-13 18:07                       ` [PATCH] staging: usbip: fix the usage of kthread_stop() Oleg Nesterov
2012-04-01 23:17                         ` Oleg Nesterov
2012-04-02  8:11                           ` Tobias Klauser
2011-09-20 15:28           ` [PATCH 1/2] creds: kill __task_cred()->task_is_dead() check Paul E. McKenney
2011-09-20 15:40             ` Oleg Nesterov
2011-09-20 15:48               ` Paul E. McKenney
2011-09-20 14:39         ` [PATCH 2/2] creds: __task_cred(current) doesn't need rcu_read_lock_held() Oleg Nesterov
2011-09-20 15:07           ` Serge Hallyn
2011-09-20 15:35             ` Oleg Nesterov
2011-09-20 16:19         ` David Howells
2011-09-20 16:38           ` Oleg Nesterov
2011-09-20 16:50           ` David Howells
2011-09-20 17:13             ` Oleg Nesterov
2011-09-20 16:27         ` [PATCH 1/2] creds: kill __task_cred()->task_is_dead() check David Howells
2011-09-20 15:39   ` [PATCH] user namespace: make signal.c respect user namespaces Serge Hallyn
2011-09-20 16:24     ` Oleg Nesterov
2011-09-20 16:45       ` Serge E. Hallyn
2011-09-20 18:17         ` Oleg Nesterov
2011-09-21  5:00   ` [PATCH] user namespace: make signal.c respect user namespaces (v2) Serge E. Hallyn
2011-09-20 17:48 ` [PATCH] user namespace: make signal.c respect user namespaces Oleg Nesterov
2011-09-20 18:53   ` Serge E. Hallyn
2011-09-21 17:53     ` Oleg Nesterov
2011-09-22 15:23       ` Serge Hallyn
2011-09-23 16:31       ` Serge E. Hallyn
2011-09-23 17:36         ` Oleg Nesterov
2011-09-23 21:20           ` Serge E. Hallyn
2011-09-24 16:37             ` Oleg Nesterov
2011-09-25 20:17               ` Serge E. Hallyn
2011-09-26 16:06                 ` Oleg Nesterov
2011-09-27 14:28                   ` Serge Hallyn
2011-09-27 14:38                     ` Oleg Nesterov
2011-09-27 15:27                       ` Serge Hallyn
2011-09-27 17:12                         ` Oleg Nesterov
2011-10-04 17:42                   ` Serge E. Hallyn
2011-10-09 19:00                     ` Oleg Nesterov
2011-10-11 13:08                       ` Serge E. Hallyn
2011-10-08 20:02                   ` Serge E. Hallyn
2011-10-09 19:03                     ` Oleg Nesterov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110920151410.GA16569@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=dhowells@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=gregkh@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mfm@muteddisk.com \
    --cc=paulmck@linux.vnet.ibm.com \
    --cc=richard@nod.at \
    --cc=serge.hallyn@canonical.com \
    --cc=serge@hallyn.com \
    --cc=tj@kernel.org \
    --cc=tklauser@distanz.ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.