On Fri, 2010-12-24 at 13:41 -0500, Jeff Mahoney wrote:
On 12/24/2010 12:05 AM, Mike Galbraith wrote:
FYI, this isn't limited to openSUSE factory. Peterz has a repeatable testcase now (kvm image), and is tracing through it. Systemd is triggering a strange use after free cgroups problem.
Yep, but we knew that already. I was able to reproduce it with a vanilla kernel with the desktop config. CONFIG_PREEMPT seemed to have caused the difference.
In about 12 hours, I should have a copy of the thing to play with. Hopefully, Peter will have it all figured out before that, as cgroup.c is hard to read.
Even better.
Eyeballs fingered the bad spot before my dog-slow download finished, and Peter has subsequently confirmed/plugged the hole. The problem was cgroup_exit() assigning exiting tasks to the root task group without actually moving them. In a CONFIG_PREEMPT kernel, preemption after that assignment means you'll be enqueued on the cgroup cfs_rq, which can go away if you were the last task with a reference. When you get back to the CPU, boom, use after free.

-Mike
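To make the ordering problem in that last paragraph concrete, here is a small userspace model of the race, added as an illustration; it is not the kernel's cgroup or scheduler code and not Peter's fix. The structure names (task_group, cfs_rq) and functions (tg_get, tg_put, preempt, buggy_exit, fixed_exit, simulate_exit) are invented for this example. A freed group is represented by a poison flag so the stale access is detected instead of being undefined behaviour; the task holds the only reference to its group, so dropping that reference before the scheduler-side pointer is moved is exactly the window the preemption lands in.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed userspace model of the race described above; not kernel
 * code. Names borrow the scheduler's vocabulary but are invented here. */

struct cfs_rq {
    int nr_running;
    bool freed;                 /* poison flag standing in for a freed allocation */
};

struct task_group {
    struct cfs_rq cfs_rq;       /* per-group runqueue, freed together with the group */
    int refcount;
};

struct task {
    struct task_group *group;   /* the pointer cgroup_exit() reassigns */
    struct cfs_rq *se_cfs_rq;   /* the runqueue the scheduler will enqueue this task on */
};

static struct task_group root_group = { .refcount = 1 };

static void tg_get(struct task_group *tg) { tg->refcount++; }

/* Drop a reference; on the last one, "free" the group by poisoning its
 * runqueue so a later use is detectable rather than undefined behaviour. */
static void tg_put(struct task_group *tg)
{
    if (--tg->refcount == 0)
        tg->cfs_rq.freed = true;
}

/* Preemption puts the running task back on its runqueue. Returns -1 if
 * that runqueue belongs to a group that has already gone away. */
static int preempt(struct task *t)
{
    if (t->se_cfs_rq->freed)
        return -1;              /* the use after free in the real kernel */
    t->se_cfs_rq->nr_running++;
    return 0;
}

/* The bad spot: the group pointer is reassigned to root and the old
 * reference dropped, but the scheduler-side pointer is never moved. */
static void buggy_exit(struct task *t)
{
    struct task_group *old = t->group;
    t->group = &root_group;
    tg_get(&root_group);
    tg_put(old);                /* old group may be freed here; se_cfs_rq still points at it */
}

/* The repaired ordering: actually move the task onto the root group's
 * runqueue before the old group's last reference can go away. */
static void fixed_exit(struct task *t)
{
    struct task_group *old = t->group;
    t->se_cfs_rq = &root_group.cfs_rq;
    t->group = &root_group;
    tg_get(&root_group);
    tg_put(old);
}

/* Run one exiting task through the scenario; returns preempt()'s result
 * (0 = enqueued on a live runqueue, -1 = stale runqueue, -2 = allocation failed). */
int simulate_exit(bool fixed)
{
    struct task_group *tg = calloc(1, sizeof *tg);
    struct task t;
    int rc;

    if (!tg)
        return -2;
    tg->refcount = 1;           /* the exiting task holds the only reference */
    t.group = tg;
    t.se_cfs_rq = &tg->cfs_rq;  /* currently running on the group's cfs_rq */

    if (fixed)
        fixed_exit(&t);
    else
        buggy_exit(&t);

    rc = preempt(&t);           /* CONFIG_PREEMPT: preempted right after the assignment */
    free(tg);
    return rc;
}

int main(void)
{
    printf("buggy exit, then preempted: %s\n", simulate_exit(false) ? "use after free" : "ok");
    printf("fixed exit, then preempted: %s\n", simulate_exit(true)  ? "use after free" : "ok");
    return 0;
}
```

The point the model makes is that a task owns two things that must change together: the reference that keeps the group alive and the scheduler's pointer into that group's runqueue. Reassigning the first without the second leaves a window, and under CONFIG_PREEMPT that window is wide enough for the scheduler to walk through it.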