2019-06-27 21:35:21

by Doug Berger

Subject: [PATCH] ARM: mm: only adjust sections of valid mm structures

A timing hazard exists when an early fork/exec thread begins
exiting and sets its mm pointer to NULL while a separate core
tries to update the section information.

This commit ensures that the mm pointer is not NULL before
setting its section parameters. The arguments provided by
commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
from update_sections_early()") are equally valid for not
requiring grabbing the task_lock around this check.

Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
Signed-off-by: Doug Berger <[email protected]>
---
arch/arm/mm/init.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
index be0b42937888..bdc70dff477b 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
if (t->flags & PF_KTHREAD)
continue;
for_each_thread(t, s)
- set_section_perms(perms, n, true, s->mm);
+ if (s->mm)
+ set_section_perms(perms, n, true, s->mm);
}
set_section_perms(perms, n, true, current->active_mm);
set_section_perms(perms, n, true, &init_mm);
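
Review bot: s->mm is loaded twice in the added lines, once in the `if (s->mm)` test and again as the argument to set_section_perms(). The commit message says another core can set the pointer to NULL at this point and that no task_lock is taken, so the second load can still observe NULL after the first one passed. Reading the pointer once into a local, for example `struct mm_struct *mm = READ_ONCE(s->mm);` followed by `if (mm) set_section_perms(perms, n, true, mm);`, closes that window. The for_each_thread() body would then span several lines and should get braces, and a one-line comment above the check saying why a thread's mm can be NULL here would help later readers.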
--
2.7.4


2019-06-28 17:51:50

by Florian Fainelli

Subject: Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

On 6/27/19 2:32 PM, Doug Berger wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
>
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.

This looks like an appropriate fix to me. For what it is worth, we were
able to reproduce this problem with a 4.9 kernel with:

CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"

It is made much more reliable with a lower default loglevel (e.g.: 1)
than the default log level, but if you have e.g.: a USB thumb drive
that needs to be scanned by the SCSI layer, then this is 100% reliable.

>
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <[email protected]>
> ---
> arch/arm/mm/init.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
> index be0b42937888..bdc70dff477b 100644
> --- a/arch/arm/mm/init.c
> +++ b/arch/arm/mm/init.c
> @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
> if (t->flags & PF_KTHREAD)
> continue;
> for_each_thread(t, s)
> - set_section_perms(perms, n, true, s->mm);
> + if (s->mm)
> + set_section_perms(perms, n, true, s->mm);
> }
> set_section_perms(perms, n, true, current->active_mm);
> set_section_perms(perms, n, true, &init_mm);
>


--
Florian

2019-07-01 12:40:56

by Laura Abbott

Subject: Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

On 6/27/19 5:32 PM, Doug Berger wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
>
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.
>
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <[email protected]>
> ---
> arch/arm/mm/init.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
> index be0b42937888..bdc70dff477b 100644
> --- a/arch/arm/mm/init.c
> +++ b/arch/arm/mm/init.c
> @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
> if (t->flags & PF_KTHREAD)
> continue;
> for_each_thread(t, s)
> - set_section_perms(perms, n, true, s->mm);
> + if (s->mm)
> + set_section_perms(perms, n, true, s->mm);
> }
> set_section_perms(perms, n, true, current->active_mm);
> set_section_perms(perms, n, true, &init_mm);
>

Acked-by: Laura Abbott <[email protected]>

2019-07-09 09:15:57

by Linus Walleij

Subject: Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

On Thu, Jun 27, 2019 at 11:33 PM Doug Berger <[email protected]> wrote:

> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
>
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.
>
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <[email protected]>

Cc: [email protected] ?

I'm not smart enough to say whether it is the right solution, but
I also want to test this on some boards I have. I suspect this
may be part of the problem I have with mounting root on a USB
stick on some early mpcore machines, so I might come back with
a Tested-by.

Yours,
Linus Walleij