From: Oleg Nesterov on 12 May 2010 12:10

On 05/11, Serge E. Hallyn wrote:
>
> Quoting Oleg Nesterov (oleg(a)redhat.com):
> > Change INIT_STRUCT_PID/INIT_PID_LINK to create the empty/unhashed
> > hlist_head/hlist_node. Like any other idle thread swapper can never exit,
> > so detach_pid()->__hlist_del() is not possible, but we could change
> > INIT_PID_LINK() to set pprev = &next if needed.
> >
> > All we need is the valid swapper->pids[].pid == &init_struct_pid.
> >
> > Reported-by: Mathias Krause <mathias.krause(a)secunet.com>
>
> Crimey, trying to find some way this could get dereferenced,

Yes, I was worried too. But afaics we should never use this hlist_node.
Except, of course, it is linked into pid->task.

> finding
> myself impressed with the likes of set_ftrace_swapper().
>
> Anyway, not finding anything, so
>
> > Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
>
> Acked-by: Serge E. Hallyn <serue(a)us.ibm.com>

Thanks for review!

Oleg.
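
An illustration of the two initializations discussed in the message above, added here and not part of the original thread or of the kernel patch: a userspace model of the hlist helpers showing that an unhashed node (pprev == NULL) stays inert only as long as nothing unlinks it, while pprev = &next turns an unlink into a write into the node itself. The names hlist_del_raw, del_if_hashed and the two check functions are assumptions made for this example.

```c
#include <stddef.h>

/* Userspace model of the kernel hlist types (after include/linux/list.h). */
struct hlist_node { struct hlist_node *next, **pprev; };
struct hlist_head { struct hlist_node *first; };

static int hlist_unhashed(const struct hlist_node *n) { return !n->pprev; }

/* Unlink the way the kernel's __hlist_del() does: it stores through n->pprev. */
static void hlist_del_raw(struct hlist_node *n)
{
	struct hlist_node *next = n->next, **pprev = n->pprev;
	*pprev = next;            /* NULL dereference if n was never hashed */
	if (next)
		next->pprev = pprev;
}

/* Hypothetical guarded unlink: refuses nodes that are not on any list. */
static int del_if_hashed(struct hlist_node *n)
{
	if (hlist_unhashed(n))
		return 0;
	hlist_del_raw(n);
	n->next = NULL;
	n->pprev = NULL;
	return 1;
}

/* Empty head plus unhashed node, the state the patch description asks for. */
static int unhashed_init_is_inert(void)
{
	struct hlist_head head = { .first = NULL };
	struct hlist_node link = { .next = NULL, .pprev = NULL };
	return head.first == NULL && hlist_unhashed(&link) && !del_if_hashed(&link);
}

/* The "pprev = &next" variant: a raw unlink only writes into the node itself. */
static int self_linked_del_is_harmless(void)
{
	struct hlist_node link = { .next = NULL, .pprev = NULL };
	link.pprev = &link.next;
	hlist_del_raw(&link);     /* performs link.next = NULL, nothing else */
	return link.next == NULL && link.pprev == &link.next;
}

int main(void)
{
	/* Exit status 0 when both properties hold. */
	return !(unhashed_init_is_inert() && self_linked_del_is_harmless());
}
```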