Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CFA94C636D6 for ; Fri, 3 Feb 2023 14:32:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232056AbjBCOcQ (ORCPT ); Fri, 3 Feb 2023 09:32:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47356 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232554AbjBCOcH (ORCPT ); Fri, 3 Feb 2023 09:32:07 -0500 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A4CE89D583 for ; Fri, 3 Feb 2023 06:31:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=686ohwA2eY9DAHvlDa7p2qUCu5MZgEJ6AVfxC2H73aU=; b=CHJ+idfLu+OOu4flywwJ9iC4bH Y0J9cgxnvbBbjL+TU5YTl/zPQXx48lqQbF5ImhWCzQ0yiV0KJxYJyMyN1Z5eSFIInaOBjki0d1Rr8 7vFokB+Ol3OGpqN5f13b8UDuXwgT7gcIhs6V3ACTCWP8Bc0N8tRqFya7t4vIUWdInsOFN7b/8Wgq4 K6fiu1VyBBnvwFOYi+C9n0gbTwLfxo1QVWCNdrds+22XMUHaddRJQyCR+C7FICMHqVTWX6wlCJe+b UPkeaBFpQnviRxHjDvz3tpX1og1cUsa6KZ0D8L/HpGTd7LycIx1m9DbzLoU9J1egPDZrB1M30/3bK 8VTSBAaA==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1pNx5u-00ENCe-GR; Fri, 03 Feb 2023 14:31:15 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id EC70730012F; Fri, 3 Feb 2023 15:31:11 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id CA60020139FE0; Fri, 3 Feb 2023 15:31:11 +0100 (CET) Date: Fri, 3 Feb 2023 15:31:11 +0100 From: Peter Zijlstra To: Tetsuo Handa Cc: Ingo Molnar , "Rafael J. Wysocki" , linux-kernel@vger.kernel.org, mcgrof@kernel.org, Linus Torvalds , syzkaller-bugs@googlegroups.com, syzbot , Hillf Danton Subject: Re: [syzbot] WARNING: locking bug in umh_complete Message-ID: References: <20230127014137.4906-1-hdanton@sina.com> <9d9b9652-c1ac-58e9-2eab-9256c17b1da2@I-love.SAKURA.ne.jp> <7d1021f1-c88e-5a03-3b92-087f9be37491@I-love.SAKURA.ne.jp> <6c47dbcf-2a17-6bb2-719b-841d851c603b@I-love.SAKURA.ne.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6c47dbcf-2a17-6bb2-719b-841d851c603b@I-love.SAKURA.ne.jp> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 03, 2023 at 09:59:51PM +0900, Tetsuo Handa wrote: > On 2023/02/03 21:30, Peter Zijlstra wrote: > >> I think the right fix is to: > >> > >> state &= ~TASK_KILLABLE; > > > > state &= ~__TASK_WAKEKILL; > > > > we don't want to mask out UNINTERUPTIBLE, that would be bad. > > This code was made killable as a solution for CVE-2012-4398. > Although OOM reaper is available today, making back to unkillable is not smart. Yes, I meant something like so. diff --git a/kernel/umh.c b/kernel/umh.c index 850631518665..0e69e1e4b6fe 100644 --- a/kernel/umh.c +++ b/kernel/umh.c @@ -438,21 +438,24 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait) if (wait == UMH_NO_WAIT) /* task has freed sub_info */ goto unlock; - if (wait & UMH_KILLABLE) - state |= TASK_KILLABLE; - - if (wait & UMH_FREEZABLE) + if (wait & UMH_FREEZABLE) { state |= TASK_FREEZABLE; - retval = wait_for_completion_state(&done, state); - if (!retval) - goto wait_done; - if (wait & UMH_KILLABLE) { + retval = wait_for_completion_state(&done, state | TASK_KILLABLE); + if (!retval) + goto wait_done; + /* umh_complete() will see NULL and free sub_info */ if (xchg(&sub_info->complete, NULL)) goto unlock; + + /* + * fallthrough; in case of -ERESTARTSYS now do uninterruptible + * wait_for_completion(). + */ } + wait_for_completion_state(&done, state); wait_done: retval = sub_info->retval;