[PATCH 1/2] device_cgroup: fix RCU usage
Serge Hallyn
serge.hallyn at canonical.com
Tue Nov 6 17:48:41 UTC 2012
Quoting Tejun Heo (tj at kernel.org):
> dev_cgroup->exceptions is protected with devcgroup_mutex for writes
> and RCU for reads; however, RCU usage isn't correct.
>
> * dev_exception_clean() doesn't use RCU variant of list_del() and
> kfree(). The function can race with may_access() and may_access()
> may end up dereferencing already freed memory. Use list_del_rcu()
> and kfree_rcu() instead.
>
> * may_access() may be called only with RCU read locked but doesn't use
> RCU safe traversal over ->exceptions. Use list_for_each_entry_rcu().
>
> Signed-off-by: Tejun Heo <tj at kernel.org>
> Cc: stable at vger.kernel.org
> Cc: Aristeu Rozanski <aris at redhat.com>
> Cc: Li Zefan <lizefan at huawei.com>
> Cc: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
thanks,
-serge
> ---
> Oops, wrong patch. This is the correct one.
>
> Thanks.
>
> security/device_cgroup.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -164,8 +164,8 @@ static void dev_exception_clean(struct d
> struct dev_exception_item *ex, *tmp;
>
> list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) {
> - list_del(&ex->list);
> - kfree(ex);
> + list_del_rcu(&ex->list);
> + kfree_rcu(ex, rcu);
> }
> }
>
> @@ -298,7 +298,7 @@ static int may_access(struct dev_cgroup
> struct dev_exception_item *ex;
> bool match = false;
>
> - list_for_each_entry(ex, &dev_cgroup->exceptions, list) {
> + list_for_each_entry_rcu(ex, &dev_cgroup->exceptions, list) {
> if ((refex->type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
> continue;
> if ((refex->type & DEV_CHAR) && !(ex->type & DEV_CHAR))
More information about the Containers
mailing list