kthread uses stack and keeps completion structure on it to be woken up
on vfork_done completion.
In commit 2deb4be28 Andy Lutomirski rewinds the stack unconditionally
and further completion of task->vfork_done for any kthread leads to stack
corruption (or infinite spin on attempt to spin lock on garbage memory).
Signed-off-by: Roman Pen <roman.peny...@profitbricks.com>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Josh Poimboeuf <jpoim...@redhat.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Brian Gerst <brge...@gmail.com>
Cc: Denys Vlasenko <dvlas...@redhat.com>
Cc: H. Peter Anvin <h...@zytor.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: Tejun Heo <t...@kernel.org>
Cc: x...@kernel.org
Cc: linux-kernel@vger.kernel.org
---
arch/x86/kernel/dumpstack.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
index e0648f7..74be764 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -250,9 +250,14 @@ void oops_end(unsigned long flags, struct pt_regs *regs,
int signr)
/*
* We're not going to return, but we might be on an IST stack or
* have very little stack space left. Rewind the stack and kill
- * the task.
+ * the task. But kthread is a special case, since kthread uses
+ * stack to keep completion structure to be woken on vfork_done
+ * completion.
*/
- rewind_stack_do_exit(signr);
+ if (current->flags & PF_KTHREAD)
+ do_exit(signr);
+ else
+ rewind_stack_do_exit(signr);
}
NOKPROBE_SYMBOL(oops_end);
--
2.9.3
