fork: Add task stack refcounting sanity check and prevent premature task stack freeing

If something goes wrong with task stack refcounting and a stack
refcount hits zero too early, warn and leak it rather than
potentially freeing it early (and silently).

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/f29119c783a9680a4b4656e751b6123917ace94b.1477926663.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>

authored by Andy Lutomirski and committed by Ingo Molnar 405c0759 0c183d92

Changed files (+4):
kernel/fork.c
··· 315 315 316 316 static void release_task_stack(struct task_struct *tsk) 317 317 { 318 + if (WARN_ON(tsk->state != TASK_DEAD)) 319 + return; /* Better to leak the stack than to free prematurely */ 320 + 318 321 account_kernel_stack(tsk, -1); 319 322 arch_release_thread_stack(tsk->stack); 320 323 free_thread_stack(tsk); ··· 1865 1862 atomic_dec(&p->cred->user->processes); 1866 1863 exit_creds(p); 1867 1864 bad_fork_free: 1865 + p->state = TASK_DEAD; 1868 1866 put_task_stack(p); 1869 1867 free_task(p); 1870 1868 fork_out:
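Review bot: In the release_task_stack() hunk, the new guard tests `tsk->state != TASK_DEAD` rather than anything about the refcount itself. It therefore only catches a premature final put on a task that has not yet been marked dead, and it makes TASK_DEAD a precondition for every caller that drops the last stack reference. That invariant deserves a comment above the function, not just the trailing note on the `return`. Consider WARN_ON_ONCE() here as well: if the refcounting bug is hit repeatedly, each occurrence leaks a stack and prints a full warning, and the first report is the one that matters for debugging.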
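Review bot: In the bad_fork_free hunk, `p->state = TASK_DEAD;` is added with no comment, and it exists only to satisfy the new check in release_task_stack() for a task that never ran. Someone reading this error path later has no way to tell that removing or reordering the assignment turns the following `put_task_stack(p)` into a warning plus a leaked stack. A one-line comment stating that dependency would make this safer to maintain. It is also worth confirming that no other path drops the final stack reference on a task that is not TASK_DEAD, since this patch covers only this label.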