kernel_optimize_test/kernel/locking
Qian Cai d22cc7f67d locking/percpu-rwsem: Fix a task_struct refcount
The following commit:

  7f26482a87 ("locking/percpu-rwsem: Remove the embedded rwsem")

introduced task_struct memory leaks due to messing up the task_struct
refcount.

At the beginning of percpu_rwsem_wake_function(), it calls get_task_struct(),
but if the trylock failed, it will remain in the waitqueue. However, it
will run percpu_rwsem_wake_function() again with get_task_struct() to
increase the refcount but then only call put_task_struct() once the trylock
succeeded.

Fix it by adjusting percpu_rwsem_wake_function() a bit to guard against
when percpu_rwsem_wait() observing !private, terminating the wait and
doing a quick exit() while percpu_rwsem_wake_function() then doing
wake_up_process(p) as a use-after-free.

Fixes: 7f26482a87 ("locking/percpu-rwsem: Remove the embedded rwsem")
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lkml.kernel.org/r/20200330213002.2374-1-cai@lca.pw
2020-04-08 12:05:06 +02:00
lock_events_list.h
lock_events.c
lock_events.h
lockdep_internals.h locking/lockdep: Reuse freed chain_hlocks entries 2020-02-11 13:10:52 +01:00
lockdep_proc.c locking/lockdep: Reuse freed chain_hlocks entries 2020-02-11 13:10:52 +01:00
lockdep_states.h
lockdep.c x86 entry code updates: 2020-03-30 19:14:28 -07:00
locktorture.c locktorture: Forgive apparent unfairness if CPU hotplug 2020-02-20 15:59:59 -08:00
Makefile
mcs_spinlock.h
mutex-debug.c lockdep: Introduce wait-type checks 2020-03-21 16:00:24 +01:00
mutex-debug.h
mutex.c Revert "locking/mutex: Complain upon mutex API misuse in IRQ contexts" 2019-12-11 00:27:43 +01:00
mutex.h mutex: Fix up mutex_waiter usage 2019-08-08 09:09:25 +02:00
osq_lock.c locking/osq: Use optimized spinning loop for arm64 2020-01-17 10:19:30 +01:00
percpu-rwsem.c locking/percpu-rwsem: Fix a task_struct refcount 2020-04-08 12:05:06 +02:00
qrwlock.c
qspinlock_paravirt.h Revert "locking/pvqspinlock: Don't wait if vCPU is preempted" 2019-09-25 10:22:37 +02:00
qspinlock_stat.h
qspinlock.c locking/qspinlock: Fix inaccessible URL of MCS lock paper 2020-01-17 10:19:30 +01:00
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex.c locking/rtmutex: rcu: Add WRITE_ONCE() to rt_mutex ->owner 2020-02-20 15:58:22 -08:00
rtmutex.h
rwsem.c lockdep: Introduce wait-type checks 2020-03-21 16:00:24 +01:00
rwsem.h locking/percpu-rwsem: Remove the embedded rwsem 2020-02-11 13:10:56 +01:00
semaphore.c
spinlock_debug.c lockdep: Introduce wait-type checks 2020-03-21 16:00:24 +01:00
spinlock.c
test-ww_mutex.c