tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'sched-urgent-2023-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull scheduler fixes from Ingo Molnar:

- Fix user-after-free bug in call_usermodehelper_exec()

- Fix missing user_cpus_ptr update in __set_cpus_allowed_ptr_locked()

- Fix PSI use-after-free bug in ep_remove_wait_queue()

* tag 'sched-urgent-2023-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/psi: Fix use-after-free in ep_remove_wait_queue()
sched/core: Fix a missed update of user_cpus_ptr
freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL

Linus Torvalds 64e0253d ec35307e

+21 -11
+4 -1
kernel/sched/core.c
··· 2951 2951 } 2952 2952 2953 2953 if (!(ctx->flags & SCA_MIGRATE_ENABLE)) { 2954 - if (cpumask_equal(&p->cpus_mask, ctx->new_mask)) 2954 + if (cpumask_equal(&p->cpus_mask, ctx->new_mask)) { 2955 + if (ctx->flags & SCA_USER) 2956 + swap(p->user_cpus_ptr, ctx->user_mask); 2955 2957 goto out; 2958 + } 2956 2959 2957 2960 if (WARN_ON_ONCE(p == current && 2958 2961 is_migration_disabled(p) &&
+4 -3
kernel/sched/psi.c
··· 1343 1343 1344 1344 group = t->group; 1345 1345 /* 1346 - * Wakeup waiters to stop polling. Can happen if cgroup is deleted 1347 - * from under a polling process. 1346 + * Wakeup waiters to stop polling and clear the queue to prevent it from 1347 + * being accessed later. Can happen if cgroup is deleted from under a 1348 + * polling process. 1348 1349 */ 1349 - wake_up_interruptible(&t->event_wait); 1350 + wake_up_pollfree(&t->event_wait); 1350 1351 1351 1352 mutex_lock(&group->trigger_lock); 1352 1353
+13 -7
kernel/umh.c
··· 438 438 if (wait == UMH_NO_WAIT) /* task has freed sub_info */ 439 439 goto unlock; 440 440 441 - if (wait & UMH_KILLABLE) 442 - state |= TASK_KILLABLE; 443 - 444 441 if (wait & UMH_FREEZABLE) 445 442 state |= TASK_FREEZABLE; 446 443 447 - retval = wait_for_completion_state(&done, state); 448 - if (!retval) 449 - goto wait_done; 450 - 451 444 if (wait & UMH_KILLABLE) { 445 + retval = wait_for_completion_state(&done, state | TASK_KILLABLE); 446 + if (!retval) 447 + goto wait_done; 448 + 452 449 /* umh_complete() will see NULL and free sub_info */ 453 450 if (xchg(&sub_info->complete, NULL)) 454 451 goto unlock; 452 + 453 + /* 454 + * fallthrough; in case of -ERESTARTSYS now do uninterruptible 455 + * wait_for_completion_state(). Since umh_complete() shall call 456 + * complete() in a moment if xchg() above returned NULL, this 457 + * uninterruptible wait_for_completion_state() will not block 458 + * SIGKILL'ed processes for long. 459 + */ 455 460 } 461 + wait_for_completion_state(&done, state); 456 462 457 463 wait_done: 458 464 retval = sub_info->retval;