Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754175AbcKCHK2 (ORCPT ); Thu, 3 Nov 2016 03:10:28 -0400
Received: from terminus.zytor.com ([198.137.202.10]:41668 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752363AbcKCHK1 (ORCPT ); Thu, 3 Nov 2016 03:10:27 -0400
Date: Thu, 3 Nov 2016 00:09:47 -0700
From: tip-bot for Tetsuo Handa
Cc: linux-kernel@vger.kernel.org, tglx@linutronix.de, hpa@zytor.com, mingo@kernel.org, penguin-kernel@I-love.SAKURA.ne.jp, luto@kernel.org, peterz@infradead.org, torvalds@linux-foundation.org
Reply-To: luto@kernel.org, penguin-kernel@I-love.SAKURA.ne.jp, torvalds@linux-foundation.org, peterz@infradead.org, tglx@linutronix.de, linux-kernel@vger.kernel.org, mingo@kernel.org, hpa@zytor.com
In-Reply-To: <201611021950.FEJ34368.HFFJOOMLtQOVSF@I-love.SAKURA.ne.jp>
References: <201611021950.FEJ34368.HFFJOOMLtQOVSF@I-love.SAKURA.ne.jp>
To: linux-tip-commits@vger.kernel.org
Subject: [tip:sched/urgent] sched/core: Fix oops in sched_show_task()
Git-Commit-ID: 382005027fedc50b28d40ae64ef1461cca38953e
X-Mailer: tip-git-log-daemon
Robot-Unsubscribe: Contact to get blacklisted from these emails
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2079
Lines: 58

Commit-ID:  382005027fedc50b28d40ae64ef1461cca38953e
Gitweb:     http://git.kernel.org/tip/382005027fedc50b28d40ae64ef1461cca38953e
Author:     Tetsuo Handa
AuthorDate: Wed, 2 Nov 2016 19:50:29 +0900
Committer:  Ingo Molnar
CommitDate: Thu, 3 Nov 2016 07:27:34 +0100

sched/core: Fix oops in sched_show_task()

When CONFIG_THREAD_INFO_IN_TASK=y, it is possible that an exited thread
remains in the task list after its stack pointer was already set to NULL.
Therefore, thread_saved_pc() and stack_not_used() in sched_show_task()
will trigger a NULL pointer dereference if an attempt to dump such a
thread's traces (e.g. SysRq-t, khungtaskd) is made.

Since show_stack() in sched_show_task() calls try_get_task_stack() and
sched_show_task() is called from interrupt context, calling
try_get_task_stack() from sched_show_task() will be safe as well.
Signed-off-by: Tetsuo Handa
Acked-by: Andy Lutomirski
Acked-by: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: bp@alien8.de
Cc: brgerst@gmail.com
Cc: jann@thejh.net
Cc: keescook@chromium.org
Cc: linux-api@vger.kernel.org
Cc: tycho.andersen@canonical.com
Link: http://lkml.kernel.org/r/201611021950.FEJ34368.HFFJOOMLtQOVSF@I-love.SAKURA.ne.jp
Signed-off-by: Ingo Molnar
---
 kernel/sched/core.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 42d4027..9abf66b 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -5192,6 +5192,8 @@ void sched_show_task(struct task_struct *p) int ppid; unsigned long state = p->state; + if (!try_get_task_stack(p)) + return; if (state) state = __ffs(state) + 1; printk(KERN_INFO "%-15.15s %c", p->comm, @@ -5221,6 +5223,7 @@ void sched_show_task(struct task_struct *p) print_worker_info(KERN_INFO, p); show_stack(p, NULL); + put_task_stack(p); } void show_state_filter(unsigned long state_filter)
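Review bot: The early `if (!try_get_task_stack(p)) return;` in the first hunk silently drops the whole entry for a task whose stack has already been freed, including the `p->comm` / state line printed by the `printk(KERN_INFO "%-15.15s %c", p->comm, ...)` that follows, so an exited thread still present in the task list leaves no trace at all in a SysRq-t or khungtaskd dump. If that is the intended behaviour, a one-line comment above the check saying that the stack is gone and the task is skipped would help the next reader; otherwise consider still printing the comm/pid line (which does not touch the stack) and guarding only the stack-dependent calls, since thread_saved_pc() and stack_not_used() are the callers the commit message identifies as the crashing ones.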
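Review bot: The `put_task_stack(p)` in the second hunk pairs with the `try_get_task_stack(p)` taken about thirty lines earlier, but the code between the two hunks (lines 5200-5220 of the old file) is not part of this patch. Please confirm there is no return path in that elided span, because any early exit between the get and the put would keep the stack reference pinned and the task stack would never be released.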