On Thu, 6 Dec 2018 12:47:19 -0500 Steven Rostedt <rost...@goodmis.org> wrote:

> > Uprobes: Fix kernel oops with delayed_uprobe_remove()
> >
> > There could be a race between task exit and probe unregister:
> >
> >   exit_mm()
> >     mmput()
> >       __mmput()                    uprobe_unregister()
> >         uprobe_clear_state()         put_uprobe()
> >           delayed_uprobe_remove()      delayed_uprobe_remove()
> >
> > put_uprobe() is calling delayed_uprobe_remove() without taking
> > delayed_uprobe_lock and thus the race sometimes results in a
> > kernel crash. Fix this by taking delayed_uprobe_lock before
> > calling delayed_uprobe_remove() from put_uprobe().
> >
> > Detailed crash log can be found at:
> > Link: http://lkml.kernel.org/r/000000000000140c370577db5...@google.com
> >
> > Link: http://lkml.kernel.org/r/20181205033423.26242-1-ravi.bango...@linux.ibm.com
> >
> > Acked-by: Oleg Nesterov <o...@redhat.com>
> > Reviewed-by: Srikar Dronamraju <sri...@linux.vnet.ibm.com>
> > Reported-by: syzbot+cb1fb754b771caca0...@syzkaller.appspotmail.com
> > Fixes: 1cc33161a83d ("uprobes: Support SDT markers having reference count (semaphore)")
> > Signed-off-by: Ravi Bangoria <ravi.bango...@linux.ibm.com>
> > Signed-off-by: Steven Rostedt (VMware) <rost...@goodmis.org>
>
> No cc:stable?
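A user-space model of the locking fix described in the quoted commit message, added here as an illustration and not code from the kernel or from this thread. The function names mirror the kernel's, but the list, refcount and lock are simplified stand-ins, and the violation counter plays the role of a lockdep_assert_held() check so the unlocked path of the pre-fix put_uprobe() can be caught without having to win the race.

```c
#include <stdbool.h>

struct uprobe { int refcount; };
struct delayed_uprobe { struct uprobe *uprobe; struct delayed_uprobe *next; };

static struct delayed_uprobe *delayed_uprobe_list;   /* the delayed list */
static bool delayed_uprobe_lock_held;                /* stand-in for the mutex */
static int lock_violations;                          /* unlocked list accesses */

static void delayed_uprobe_lock(void)   { delayed_uprobe_lock_held = true; }
static void delayed_uprobe_unlock(void) { delayed_uprobe_lock_held = false; }

/* Unlink entries for uprobe (every entry when uprobe is 0). The check at the
 * top plays the role of lockdep_assert_held(): walking this list without
 * delayed_uprobe_lock is what let the two removers in the race run at once. */
static void delayed_uprobe_remove(struct uprobe *uprobe) {
    struct delayed_uprobe **pp = &delayed_uprobe_list;
    if (!delayed_uprobe_lock_held)
        lock_violations++;
    while (*pp) {
        if (!uprobe || (*pp)->uprobe == uprobe)
            *pp = (*pp)->next;           /* entries are static, nothing to free */
        else
            pp = &(*pp)->next;
    }
}

/* Unregister side before the fix: the last put() touches the list unlocked,
 * while uprobe_clear_state() on the task-exit side already holds the lock. */
static void put_uprobe_before_fix(struct uprobe *u) {
    if (--u->refcount == 0)
        delayed_uprobe_remove(u);
}

/* Unregister side after the fix: delayed_uprobe_lock is held around the call. */
static void put_uprobe_after_fix(struct uprobe *u) {
    if (--u->refcount == 0) {
        delayed_uprobe_lock();
        delayed_uprobe_remove(u);
        delayed_uprobe_unlock();
    }
}

/* One delayed entry for a fresh uprobe, run put(), return unlocked accesses. */
static int check_put(void (*put)(struct uprobe *)) {
    static struct uprobe u; static struct delayed_uprobe d;
    u.refcount = 1; d.uprobe = &u; d.next = 0;
    delayed_uprobe_list = &d; lock_violations = 0;
    put(&u);
    return lock_violations;   /* 0 means the locking invariant held */
}
static bool delayed_list_empty(void) { return delayed_uprobe_list == 0; }
```

Both variants empty the list, so a plain functional check would pass either way; only the lock-held invariant distinguishes the unsafe path, which is why the kernel's lockdep annotations matter for bugs of this shape.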