Date: Tue, 25 Jul 2023 14:47:39 +0200
From: Christian Brauner
To: Xuewen Yan
Cc: Xuewen Yan, jack@suse.cz, keescook@chromium.org, peterz@infradead.org, vincent.guittot@linaro.org, linux-kernel@vger.kernel.org, di.shen@unisoc.com
Subject: Re: [PATCH] pid: Add the judgment of whether ns is NULL in the find_pid_ns
Message-ID: <20230725-gespeichert-auffuhr-00ed9e57ec7f@brauner>
References: <20230713071713.5762-1-xuewen.yan@unisoc.com> <20230725-hemmschwelle-braten-481527898001@brauner>

On Tue, Jul 25, 2023 at 08:24:18PM +0800, Xuewen Yan wrote:
> On Tue, Jul 25, 2023 at 4:49 PM Christian Brauner wrote:
> >
> > On Thu, Jul 13, 2023 at 03:17:13PM +0800, Xuewen Yan wrote:
> > > There is no judgment of whether the namespace is NULL in find_pid_ns.
> > > But there is a corner case when ns is null, for example: if a user
> > > calls find_get_pid when current is exiting, the following stack would
> > > set thread_id to null:
> > > release_task
> > > __exit_signal(p);
> > > __unhash_process(tsk, group_dead);
> > > detach_pid(p, PIDTYPE_PID);
> > > __change_pid(task, type, NULL);
> > >
> > > If the user calls find_get_pid now, in the find_vpid function, the
> >
> > I fail to see how this can happen. The code you're referencing is in
> > release_task(). If current has gone through that then current obviously
> > can't call find_vpid() on itself anymore or anything else for that
> > matter.
>
> This happened when the user calls find_vpid() in irq.
>
> [72117.635162] Call trace:
> [72117.635595] idr_find+0xc/0x24
> [72117.636103] find_get_pid+0x40/0x68
> [72117.636812] send_event+0x88/0x180 [demux]
> [72117.637593] vbvop_copy_data+0x150/0x344 [demux]
> [72117.638434] dmisr_video_parsing_mpeg12+0x29c/0x42c [demux]
> [72117.639393] dmisr_video_parsing_switch+0x68/0xec [demux]
> [72117.640332] dmisr_handle_video_pes+0x10c/0x26c [demux]
> [72117.641108] tasklet_action_common+0x130/0x224
> [72117.641784] tasklet_action+0x28/0x34
> [72117.642366] __do_softirq+0x128/0x4dc
> [72117.642944] irq_exit+0xf8/0xfc
> [72117.643459] __handle_domain_irq+0xb0/0x108
> [72117.644102] gic_handle_irq+0x6c/0x124
> [72117.644691] el1_irq+0x108/0x200
> [72117.645217] _raw_write_unlock_irq+0x2c/0x5c
> [72117.645870] release_task+0x144/0x1ac <<<<<<
> [72117.646447] do_exit+0x524/0x94c
> [72117.646970] __do_sys_exit_group+0x0/0x14
> [72117.647591] do_group_exit+0x0/0xa0
> [72117.648146] __se_sys_exit+0x0/0x20
> [72117.648704] el0_svc_common+0xcc/0x1bc
> [72117.649292] el0_svc_handler+0x2c/0x3c
> [72117.649881] el0_svc+0x8/0xc
>
> In release_task, write_unlock_irq(&tasklist_lock) will open irq. At
> this time, if the user calls find_get_pid() in irq, because
> current->thread_id is NULL,
> it will handle the NULL pointer.

Uhm, where is that code from? This doesn't seem to be upstream.
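
The sequence discussed in this thread, replayed as a userspace C model. This is an added example, not kernel code and not code from either poster; the structures, `find_pid_ns_checked`, `find_vpid_model` and `replay` are hypothetical stand-ins, and the sample PIDs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace model; simplified stand-ins, not kernel types. */
struct pid_namespace { int pids[4]; };            /* stands in for ns->idr */
struct pid { struct pid_namespace *ns; };
struct task { struct pid *thread_pid; };          /* "thread_id" in the thread */

/* A task whose pid was detached has no struct pid, hence no namespace. */
static struct pid_namespace *ns_of_pid(const struct pid *pid) { return pid ? pid->ns : NULL; }

/* Models detach_pid() -> __change_pid(task, type, NULL) in release_task(). */
static void detach_pid(struct task *t) { t->thread_pid = NULL; }

/* Lookup with the NULL check named in the patch subject: nr if registered in
 * ns, else -1. Without the check, ns->pids would dereference NULL. */
static int find_pid_ns_checked(int nr, const struct pid_namespace *ns)
{
    if (!ns) return -1;
    for (size_t i = 0; i < sizeof(ns->pids) / sizeof(ns->pids[0]); i++)
        if (ns->pids[i] == nr)
            return nr;
    return -1;
}

/* Models find_vpid(): resolve nr in the namespace of "current". */
static int find_vpid_model(const struct task *current, int nr)
{
    return find_pid_ns_checked(nr, ns_of_pid(current->thread_pid));
}

/* Replays the sequence; returns 1 if current has no namespace at lookup 2. */
static int replay(int *before, int *after)
{
    struct pid_namespace ns = { .pids = { 1, 42, 77, 100 } };
    struct pid p = { .ns = &ns };
    struct task cur = { .thread_pid = &p };
    *before = find_vpid_model(&cur, 77);
    detach_pid(&cur);                      /* release_task() unhashed current */
    *after = find_vpid_model(&cur, 77);    /* lookup from the interrupt path */
    return ns_of_pid(cur.thread_pid) == NULL;
}

int main(void)
{
    int before, after, detached = replay(&before, &after);
    printf("before=%d after=%d ns_is_null=%d\n", before, after, detached);
    return 0;
}
```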