mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-23 08:35:19 -05:00
freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL
Tetsuo-San noted that commitf5d39b0208
("freezer,sched: Rewrite core freezer logic") broke call_usermodehelper_exec() for the KILLABLE case. Specifically it was missed that the second, unconditional, wait_for_completion() was not optional and ensures the on-stack completion is unused before going out-of-scope. Fixes:f5d39b0208
("freezer,sched: Rewrite core freezer logic") Reported-by: syzbot+6cd18e123583550cf469@syzkaller.appspotmail.com Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Debugged-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/Y90ar35uKQoUrLEK@hirez.programming.kicks-ass.net
This commit is contained in:
parent
ceaa837f96
commit
eedeb787eb
1 changed files with 13 additions and 7 deletions
20
kernel/umh.c
20
kernel/umh.c
|
@ -438,21 +438,27 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
|
|||
if (wait == UMH_NO_WAIT) /* task has freed sub_info */
|
||||
goto unlock;
|
||||
|
||||
if (wait & UMH_KILLABLE)
|
||||
state |= TASK_KILLABLE;
|
||||
|
||||
if (wait & UMH_FREEZABLE)
|
||||
state |= TASK_FREEZABLE;
|
||||
|
||||
retval = wait_for_completion_state(&done, state);
|
||||
if (!retval)
|
||||
goto wait_done;
|
||||
|
||||
if (wait & UMH_KILLABLE) {
|
||||
retval = wait_for_completion_state(&done, state | TASK_KILLABLE);
|
||||
if (!retval)
|
||||
goto wait_done;
|
||||
|
||||
/* umh_complete() will see NULL and free sub_info */
|
||||
if (xchg(&sub_info->complete, NULL))
|
||||
goto unlock;
|
||||
|
||||
/*
|
||||
* fallthrough; in case of -ERESTARTSYS now do uninterruptible
|
||||
* wait_for_completion_state(). Since umh_complete() shall call
|
||||
* complete() in a moment if xchg() above returned NULL, this
|
||||
* uninterruptible wait_for_completion_state() will not block
|
||||
* SIGKILL'ed processes for long.
|
||||
*/
|
||||
}
|
||||
wait_for_completion_state(&done, state);
|
||||
|
||||
wait_done:
|
||||
retval = sub_info->retval;
|
||||
|
|
Loading…
Add table
Reference in a new issue