From patchwork Mon Mar 25 22:56:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Arcangeli X-Patchwork-Id: 10870313 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D8469139A for ; Mon, 25 Mar 2019 22:56:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C19D828E71 for ; Mon, 25 Mar 2019 22:56:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B32FA290C6; Mon, 25 Mar 2019 22:56:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3172628E71 for ; Mon, 25 Mar 2019 22:56:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 08F4C6B0266; Mon, 25 Mar 2019 18:56:43 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id F34EF6B026A; Mon, 25 Mar 2019 18:56:42 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DD6226B026B; Mon, 25 Mar 2019 18:56:42 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com [209.85.160.197]) by kanga.kvack.org (Postfix) with ESMTP id B8D8B6B0266 for ; Mon, 25 Mar 2019 18:56:42 -0400 (EDT) Received: by mail-qt1-f197.google.com with SMTP id g17so11795261qte.17 for ; Mon, 25 Mar 2019 15:56:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Pg+ngYFMmyJ8lECB6vesVMArcBSQwLgdaATa835z1bQ=; b=qJCJLRrQ7j6btohVNkXunbsjpqFX0QYuVvW1HnHpgcdaR6gDqYkboRQlNlPtVsh2uI 0Ym66Vh9ZgLRmPuNCmzgmyNeHkTTozKXBEyIEpa5nYHgFToG2KmjkjL9XeMqxaOFBhD+ 54oOY3ZwqxqQAm62Iqrc5roGDzymHVoNdb4uEnlR03PL5hWT5o2LKmDwXeMSZ7Iktake nk+bsHDlgXee7p5ZdamLMmXmSMicQ+F3x6M5RHM5ox4zeO1A/40tvy2KWckD3W8lLtSs AcUZWgeOabYKYapn6O61LgJ+B1e44uD2s/ozatoyJ+dvnacDO7AvHKLv+0Rcs0mK5HrG tCzw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com X-Gm-Message-State: APjAAAVMiuPwiiDHUaeQFJku92sGj0OD42uErKvKfJb/uK54NC5axaxF 40VbSUw/nTmbAAfIJhdkrn85/fwtW6dDpwvLKbT+B22wgB4VUD1kjUK8+YNGEmSYtW4dSb5fTv1 jyfBELYIWfnQBKr/uAJMGq4q8uq8wjkjcEgJU6K4KzUMHBbjkgdGX/0uoRXrII4k3Nw== X-Received: by 2002:ae9:e21a:: with SMTP id c26mr22269744qkc.293.1553554602496; Mon, 25 Mar 2019 15:56:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqyrygnrc1zbfAGc0A5jXZ1QVYKvGTxUF4nEWCROXaXDV9HreBwSS7JR7A7rAkxp4RcEhyZj X-Received: by 2002:ae9:e21a:: with SMTP id c26mr22269692qkc.293.1553554601342; Mon, 25 Mar 2019 15:56:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553554601; cv=none; d=google.com; s=arc-20160816; b=FWpDZ6dP6XRYoUqakPIDIc4a0nA95bC+PtmDGm+oKB7cOCE2vFU+6cTyzT8Dj+czBs QMKF24jyaKZQGTTi6Mu559yvEWnRZTS5X2o1bELtu6WSk0Fy3vFj4k+rtvacVIlWKBZP pLUxcCN4UamrGU0F6EJPKWCuVSmFmyveMljXNKECy+D4YA4SU97lbfvU53X6LkDtG8bV oGPhruCzrK1+VAvSj/KqFdHUO7rpWpnZDzStsNVu7SN/aXh/UkYUTTHzbf7WfBaxESk0 OswaFL2hb0LN1W7WQLf3Zkzx+tKyqwJ3yjzJ6+tJuZNMzhKx0d5m6WnmTOeqeiA+LEdK QZdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=Pg+ngYFMmyJ8lECB6vesVMArcBSQwLgdaATa835z1bQ=; b=jvd3dZNOIz4peABaJfhnEK+ZP/thd5zCQ0fkHCe97K951Mh+z6hm3u8ldpGzdOoqa1 ZbCBP3aNoln9EzOdxyLZ6nPdJKPSvOy79n6uL+Cc+QNJxKC3NlO2j8cm5IVNoPmeuk5O uxscOImZtuGp34fTP5XuVe1X7tlYOGU5lykfFR49UjNvhq654NDp94DrNiKbDiIC6RiQ pukJRF/1sCmZCrch6WXtR8KTxVimp8o3Qn0Ug8kubIUNZPRucD0CHZxIrkeE7dr+Wvbg zDyTKqZ8gRP9dZfNo/ufGycWupDGs49lcNGNGz/X0vGLW7+eEdfwzvKLeHj/RHMkztcW 7N2w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id z2si1547298qvi.23.2019.03.25.15.56.41 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 25 Mar 2019 15:56:41 -0700 (PDT) Received-SPF: pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6BB91C057F3D; Mon, 25 Mar 2019 22:56:40 +0000 (UTC) Received: from sky.random (ovpn-120-118.rdu2.redhat.com [10.10.120.118]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D93A51001E67; Mon, 25 Mar 2019 22:56:36 +0000 (UTC) From: Andrea Arcangeli To: Andrew Morton Cc: linux-mm@kvack.org, zhong jiang , syzkaller-bugs@googlegroups.com, syzbot+cbb52e396df3e565ab02@syzkaller.appspotmail.com, Mike Rapoport , Mike Kravetz , Peter Xu , Dmitry Vyukov Subject: [PATCH 1/2] userfaultfd: use RCU to free the task struct when fork fails Date: Mon, 25 Mar 2019 18:56:35 -0400 Message-Id: <20190325225636.11635-2-aarcange@redhat.com> In-Reply-To: <20190325225636.11635-1-aarcange@redhat.com> References: <20190325225636.11635-1-aarcange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Mon, 25 Mar 2019 22:56:40 +0000 (UTC) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP MEMCG depends on the task structure not to be freed under rcu_read_lock() in get_mem_cgroup_from_mm() after it dereferences mm->owner. An alternate possible fix would be to defer the delivery of the userfaultfd contexts to the monitor until after fork() is guaranteed to succeed. Such a change would require more changes because it would create a strict ordering dependency where the uffd methods would need to be called beyond the last potentially failing branch in order to be safe. This solution as opposed only adds the dependency to common code to set mm->owner to NULL and to free the task struct that was pointed by mm->owner with RCU, if fork ends up failing. The userfaultfd methods can still be called anywhere during the fork runtime and the monitor will keep discarding orphaned "mm" coming from failed forks in userland. This race condition couldn't trigger if CONFIG_MEMCG was set =n at build time. Fixes: 893e26e61d04 ("userfaultfd: non-cooperative: Add fork() event") Cc: stable@kernel.org Tested-by: zhong jiang Reported-by: syzbot+cbb52e396df3e565ab02@syzkaller.appspotmail.com Signed-off-by: Andrea Arcangeli Signed-off-by: Andrea Arcangeli Tested-by: zhong jiang Reported-by: syzbot+cbb52e396df3e565ab02@syzkaller.appspotmail.com Signed-off-by: Andrew Morton --- kernel/fork.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 9dcd18aa210b..a19790e27afd 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -952,6 +952,15 @@ static void mm_init_aio(struct mm_struct *mm) #endif } +static __always_inline void mm_clear_owner(struct mm_struct *mm, + struct task_struct *p) +{ +#ifdef CONFIG_MEMCG + if (mm->owner == p) + WRITE_ONCE(mm->owner, NULL); +#endif +} + static void mm_init_owner(struct mm_struct *mm, struct task_struct *p) { #ifdef CONFIG_MEMCG @@ -1331,6 +1340,7 @@ static struct mm_struct *dup_mm(struct task_struct *tsk) free_pt: /* don't put binfmt in mmput, we haven't got module yet */ mm->binfmt = NULL; + mm_init_owner(mm, NULL); mmput(mm); fail_nomem: @@ -1662,6 +1672,24 @@ static inline void rcu_copy_process(struct task_struct *p) #endif /* #ifdef CONFIG_TASKS_RCU */ } +#ifdef CONFIG_MEMCG +static void __delayed_free_task(struct rcu_head *rhp) +{ + struct task_struct *tsk = container_of(rhp, struct task_struct, rcu); + + free_task(tsk); +} +#endif /* CONFIG_MEMCG */ + +static __always_inline void delayed_free_task(struct task_struct *tsk) +{ +#ifdef CONFIG_MEMCG + call_rcu(&tsk->rcu, __delayed_free_task); +#else /* CONFIG_MEMCG */ + free_task(tsk); +#endif /* CONFIG_MEMCG */ +} + /* * This creates a new process as a copy of the old one, * but does not actually start it yet. @@ -2123,8 +2151,10 @@ static __latent_entropy struct task_struct *copy_process( bad_fork_cleanup_namespaces: exit_task_namespaces(p); bad_fork_cleanup_mm: - if (p->mm) + if (p->mm) { + mm_clear_owner(p->mm, p); mmput(p->mm); + } bad_fork_cleanup_signal: if (!(clone_flags & CLONE_THREAD)) free_signal_struct(p->signal); @@ -2155,7 +2185,7 @@ static __latent_entropy struct task_struct *copy_process( bad_fork_free: p->state = TASK_DEAD; put_task_stack(p); - free_task(p); + delayed_free_task(p); fork_out: spin_lock_irq(¤t->sighand->siglock); hlist_del_init(&delayed.node); From patchwork Mon Mar 25 22:56:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Arcangeli X-Patchwork-Id: 10870309 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1432E139A for ; Mon, 25 Mar 2019 22:56:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F04CE28E71 for ; Mon, 25 Mar 2019 22:56:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DE7B1290C6; Mon, 25 Mar 2019 22:56:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8139E28E71 for ; Mon, 25 Mar 2019 22:56:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 65CF16B000D; Mon, 25 Mar 2019 18:56:41 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 5E5096B000E; Mon, 25 Mar 2019 18:56:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4AEC06B0010; Mon, 25 Mar 2019 18:56:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com [209.85.160.199]) by kanga.kvack.org (Postfix) with ESMTP id 229446B000D for ; Mon, 25 Mar 2019 18:56:41 -0400 (EDT) Received: by mail-qt1-f199.google.com with SMTP id g48so11813172qtk.19 for ; Mon, 25 Mar 2019 15:56:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=sWaHJcUV7ws1d0/n1vJBfYGdp8DvVP7zvuodDGSa9lg=; b=sZKpDamX44VxmXgNb+Nzx++ZFtC1xlzECJ1c9dUrFG4Ix/yRlcYb3umw6O/uDaZrJD VmOva/Op8M6lcT69TjDChM/TUrATtW4AtFY92lRAGlYdUriJCG36L31RRXaVkErS2xOm lzt91pXiPZrCLQ6+x9adiA1XTnl7Cde0eGPVXh+Jh0olZlciZLKPX0fUCjwQdXlLUP5L 0n5MTSPMUf6Lc08gc23AJhnFWRlaHopqUmZtMsOtpBZwCvWAg/ZLV0A2bQmy/EokHzsG kEmHSIHF9mxSv56Aw3elpC5BBM+ySQLcuuTc5a9rBbf2TjYto68w+H6BPqYJjpCDIsnl Vkcg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com X-Gm-Message-State: APjAAAWXbS1/H/ZZ+ub/Z44WAO4gE1qZmn/XY05DHGj3JeShH/dMB/gn XnEoU0xbTZ9bs8wjwkHLQVXIST7aXAT/yLgO4lEI31wq51oLv3zWYzjPAKtzrR0W4hvTXFymkNi a45NpdZ6L7mWgV7dtFvlb6dp6DMqjs+GsdTMLcxTXMlobbXm6fhJnL4M1XuhMTpzXAw== X-Received: by 2002:ac8:544c:: with SMTP id d12mr22140494qtq.199.1553554600909; Mon, 25 Mar 2019 15:56:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqzCvu5qAqpfGFMZ1oXLfENiPw6ehW0FprVuI4Hl9tNMA+vU/8JlqB/mbQk1O2b4YtNQOxex X-Received: by 2002:ac8:544c:: with SMTP id d12mr22140473qtq.199.1553554600297; Mon, 25 Mar 2019 15:56:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553554600; cv=none; d=google.com; s=arc-20160816; b=UgsQ6c4hcnj+COg5tqghxCLeHJPJBf9M/LrY5L5xtCxe2ukjLQoWNqg9qQWC4OSInZ 1tkmAUJ3ihSS3i74ca76niYpEjyTHR1qdvPwsPh1gZhyklSOti3pcREAzHfkO3xZAcWK CvPtdFM5CnrLXqhoq+p6Vo+onU3JLRc6kwVmvEPIguJ0OgXwbXs3KNc0pyCGg8Q/JkUp sguOF737nl2Pc2V++JUoahaWmxgwzBrZpxrRXSZIOFi+pEEoWSiftMKxKrRgZ4Zvsgxb fnOqpePQiapyShj63DNqImCnFJ80MJpp+HqXn0FmqptWWE8navu0sSkJPvZeAp/bmSOQ Ed8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=sWaHJcUV7ws1d0/n1vJBfYGdp8DvVP7zvuodDGSa9lg=; b=Ne6N3oEihTwjlPP8NkJMm4Fp6H4yAVey1Z+EK4aY73oaAofO+j4g/LNHdh/QyNJFas D8kkoY1iPPa8W+ztqelxySxSlNZQhGiYOAT/lFCDDxjc61TQwkHziEcxVUVsSTGJt1/H 1Rk2tQ8QMT+BOOBfyYj97phn7I1dIV8YJVLkYwlxLJc284ViO0USh4SuHz1EOmvdDDEn ZAIk8h5S81yMwcCFmunt8jorlFd5UWTyJiuhfHimbKEbusrdIsFZ0EBEHomUH3M6qvs9 J3YBY9y+TwcQF2qf6o5pmQlDNSiLKMQNcYOGdJPAvZ+KslD2e1RZtplQO+qsYHHtVk32 +Klg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id x5si147026qvc.136.2019.03.25.15.56.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 25 Mar 2019 15:56:40 -0700 (PDT) Received-SPF: pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of aarcange@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 788ED3086262; Mon, 25 Mar 2019 22:56:39 +0000 (UTC) Received: from sky.random (ovpn-120-118.rdu2.redhat.com [10.10.120.118]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F1E2E642B5; Mon, 25 Mar 2019 22:56:36 +0000 (UTC) From: Andrea Arcangeli To: Andrew Morton Cc: linux-mm@kvack.org, zhong jiang , syzkaller-bugs@googlegroups.com, syzbot+cbb52e396df3e565ab02@syzkaller.appspotmail.com, Mike Rapoport , Mike Kravetz , Peter Xu , Dmitry Vyukov Subject: [PATCH 2/2] mm: change mm_update_next_owner() to update mm->owner with WRITE_ONCE Date: Mon, 25 Mar 2019 18:56:36 -0400 Message-Id: <20190325225636.11635-3-aarcange@redhat.com> In-Reply-To: <20190325225636.11635-1-aarcange@redhat.com> References: <20190325225636.11635-1-aarcange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Mon, 25 Mar 2019 22:56:39 +0000 (UTC) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The RCU reader uses rcu_dereference() inside rcu_read_lock critical sections, so the writer shall use WRITE_ONCE. Just a cleanup, we still rely on gcc to emit atomic writes in other places. Signed-off-by: Andrea Arcangeli --- kernel/exit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/exit.c b/kernel/exit.c index 2166c2d92ddc..8361a560cd1d 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -422,7 +422,7 @@ void mm_update_next_owner(struct mm_struct *mm) * freed task structure. */ if (atomic_read(&mm->mm_users) <= 1) { - mm->owner = NULL; + WRITE_ONCE(mm->owner, NULL); return; } @@ -462,7 +462,7 @@ void mm_update_next_owner(struct mm_struct *mm) * most likely racing with swapoff (try_to_unuse()) or /proc or * ptrace or page migration (get_task_mm()). Mark owner as NULL. */ - mm->owner = NULL; + WRITE_ONCE(mm->owner, NULL); return; assign_new_owner: @@ -483,7 +483,7 @@ void mm_update_next_owner(struct mm_struct *mm) put_task_struct(c); goto retry; } - mm->owner = c; + WRITE_ONCE(mm->owner, c); task_unlock(c); put_task_struct(c); }