Re: [PATCH] sched/pid fix use-after free in task_tgid_vnr

2016-12-13 Thread Oleg Nesterov
On 12/13, Eric W. Biederman wrote:
>
> Oleg Nesterov writes:
>
> > In this case current->group_leader or parent/real_parent can point to the
> > exited/freed tasks. I already said this many times, we really need to
> > nullify
> > them in __unhash_process() but this needs a lot of (mostly simple)

Re: [PATCH] sched/pid fix use-after free in task_tgid_vnr

2016-12-12 Thread Eric W. Biederman
Oleg Nesterov writes:

> On 12/10, Eric W. Biederman wrote:
>>
>> Oleg Nesterov writes:
>>
>> > On 12/09, EunTaik Lee wrote:
>> >>
>> >> There is a use-after-free case with below call stack.
>> >>
>> >> pid_nr_ns+0x10/0x38
>> >> cgroup_pidlist_start+0x144/0x400
>> >> cgroup_seqfile_start+0x1c/0x2

Re: [PATCH] sched/pid fix use-after free in task_tgid_vnr

2016-12-12 Thread Oleg Nesterov
On 12/10, Eric W. Biederman wrote:
>
> Oleg Nesterov writes:
>
> > On 12/09, EunTaik Lee wrote:
> >>
> >> There is a use-after-free case with below call stack.
> >>
> >> pid_nr_ns+0x10/0x38
> >> cgroup_pidlist_start+0x144/0x400
> >> cgroup_seqfile_start+0x1c/0x24
> >> kernfs_seq_start+0x54/0x90
>

Re: [PATCH] sched/pid fix use-after free in task_tgid_vnr

2016-12-09 Thread Eric W. Biederman
Oleg Nesterov writes:

> On 12/09, EunTaik Lee wrote:
>>
>> There is a use-after-free case with below call stack.
>>
>> pid_nr_ns+0x10/0x38
>>
>> cgroup_pidlist_start+0x144/0x400
>>
>> cgroup_seqfile_start+0x1c/0x24
>>
>> kernfs_seq_start+0x54/0x90
>>
>> seq_read+0x15c/0x3a8
>>
>> kernfs_fop_read+0x38/0x160
>>
>> _

Re: [PATCH] sched/pid fix use-after free in task_tgid_vnr

2016-12-09 Thread Oleg Nesterov
On 12/09, EunTaik Lee wrote:
>
> There is a use-after-free case with below call stack.
>
> pid_nr_ns+0x10/0x38
> cgroup_pidlist_start+0x144/0x400
> cgroup_seqfile_start+0x1c/0x24
> kernfs_seq_start+0x54/0x90
> seq_read+0x15c/0x3a8
> kernfs_fop_read+0x38/0x160
> __vfs_read+0x28/0xc8
> vfs_read+0x84/