Mailinglist Archive: opensuse-factory (508 mails)

Re: [opensuse-factory] systemd
  • From: Mike Galbraith <mgalbraith@xxxxxxx>
  • Date: Sat, 25 Dec 2010 03:33:23 +0100
  • Message-id: <1293244403.6866.19.camel@xxxxxxxxxxxxxxxx>
On Fri, 2010-12-24 at 13:41 -0500, Jeff Mahoney wrote:
> On 12/24/2010 12:05 AM, Mike Galbraith wrote:
>
> > FYI, this isn't limited to openSUSE factory. Peterz has a repeatable
> > testcase now (kvm image), and is tracing through it. Systemd is
> > triggering a strange use after free cgroups problem.
>
> Yep, but we knew that already. I was able to reproduce it with a vanilla
> kernel with the desktop config. CONFIG_PREEMPT seemed to have caused the
> difference.
>
> > In about 12 hours, I should have a copy of the thing to play with.
> > Hopefully, Peter will have it all figured out before that, as cgroup.c
> > is hard to read.
>
> Even better.

Eyeballs fingered the bad thing spot before my dog slow download
finished, and Peter has subsequently confirmed/plugged the hole.

Problem was cgroup_exit() assigning exiting tasks to the root task group
without actually moving it. In a CONFIG_PREEMPT kernel, preemption
after that assignment means you'll be enqueued on the cgroup cfs_rq,
which can go away if you were the last task with a reference. When you
get back to the CPU, boom, use after free.

-Mike
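The race Mike describes, modelled as an added example (this is illustrative code written for this page, not Linux kernel code; the struct layouts, the `move_task`/`pick_next_task` names and the `freed` poison flag that stands in for kfree() are all simplifications). The point it shows: updating a task's group pointer is not the same as moving its scheduler entity, so after a preemption the entity is re-enqueued on the old group's cfs_rq, and once the last reference to that group drops, resuming the task walks freed memory.

```c
/* Model of the cgroup_exit() use-after-free discussed in the thread.
 * Illustrative only: NOT kernel code. Struct names, helper names and the
 * "freed" poison flag (a stand-in for kfree) are assumptions of this model. */
#include <stdio.h>

struct task_group;

/* One per-group run queue; the real kernel keeps one per CPU per group. */
struct cfs_rq {
    struct task_group *tg;
    int nr_running;
};

struct task_group {
    int refcount;        /* stands in for the cgroup css reference count */
    int freed;           /* poison: set when the last reference is dropped */
    struct cfs_rq cfs_rq;
};

struct sched_entity {
    struct cfs_rq *cfs_rq;   /* queue this entity is enqueued on */
    int on_rq;
};

struct task {
    struct task_group *tg;   /* cgroup membership: what cgroup_exit() reassigns */
    struct sched_entity se;  /* scheduler state: what must be moved with it */
};

static struct task_group root_tg = { .refcount = 1, .cfs_rq = { .tg = &root_tg } };

static void tg_get(struct task_group *tg) { tg->refcount++; }

static void tg_put(struct task_group *tg)
{
    if (--tg->refcount == 0) {
        /* Model of freeing the group: poison instead of really freeing,
         * so the later "use" can be observed instead of crashing. */
        tg->freed = 1;
        tg->cfs_rq.nr_running = -1;
    }
}

static void enqueue_task(struct task *p)
{
    p->se.cfs_rq->nr_running++;
    p->se.on_rq = 1;
}

static void dequeue_task(struct task *p)
{
    p->se.cfs_rq->nr_running--;
    p->se.on_rq = 0;
}

/* The step the buggy cgroup_exit() skipped: actually move the scheduler
 * entity from the old group's queue to the new group's queue. */
static void move_task(struct task *p, struct task_group *to)
{
    int was_on_rq = p->se.on_rq;
    if (was_on_rq) dequeue_task(p);
    p->se.cfs_rq = &to->cfs_rq;
    if (was_on_rq) enqueue_task(p);
}

/* Returns 1 if the task's scheduler state points into a freed group (the
 * use-after-free), 0 if it is sane. The real scheduler would dereference
 * rq and crash or corrupt memory here. */
static int pick_next_task(struct task *p)
{
    struct cfs_rq *rq = p->se.cfs_rq;
    return rq->tg->freed;
}

/* Replays the sequence from the thread: exit reassigns the group, the task
 * is preempted (CONFIG_PREEMPT) and re-enqueued, the old group loses its
 * last reference, then the task gets the CPU back. */
static int run_exit_race(int fixed)
{
    struct task_group tg = { .refcount = 1, .cfs_rq = { .tg = &tg } };
    struct task p = { .tg = &tg, .se = { .cfs_rq = &tg.cfs_rq } };
    struct task_group *old = p.tg;

    enqueue_task(&p);                 /* p is runnable in its own cgroup */

    /* 1. cgroup_exit(): task now belongs to the root group ... */
    if (fixed)
        move_task(&p, &root_tg);      /* ... and the scheduler is told so */
    p.tg = &root_tg;
    tg_get(&root_tg);

    /* 2. preempted here: put back on whatever se.cfs_rq still points to */
    dequeue_task(&p);
    enqueue_task(&p);

    /* 3. last reference to the old group dropped; the group goes away */
    tg_put(old);

    /* 4. task gets the CPU back */
    return pick_next_task(&p);
}

int main(void)
{
    printf("buggy cgroup_exit: use-after-free = %d\n", run_exit_race(0));
    printf("fixed cgroup_exit: use-after-free = %d\n", run_exit_race(1));
    return 0;
}
```

Without CONFIG_PREEMPT step 2 cannot interleave between steps 1 and 3 on the same CPU, which is why the vanilla desktop config only showed the bug with preemption enabled.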

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
