Thread (31 messages) 31 messages, 4 authors, 2019-01-16

Re: KASAN: use-after-free Read in task_is_descendant

From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Date: 2018-10-26 13:52:16
Also in: lkml 

On 2018/10/26 22:04, Oleg Nesterov wrote:
quoted
Suppose p1 == p2->real_parent and p2 == p3->real_parent, and p1 exited
when p2 tried to attach on p1, p2->real_parent was pointing to already
(or about to be) freed p1.
No, p2->real_parent will be updated. If p1 exits it will re-parent its
children including p2.
My error.

Suppose p1 == p2->real_parent and p2 == p3->real_parent, and p1 exited
when someone tried to attach on p2, p2->real_parent was pointing to already
(or about to be) freed p1.

So, the puzzle part is why p2->real_parent was still pointing p1 even after
p1 was freed...

Again, did you read my previous email?
Yes. But I still can't be convinced that pid_alive() test helps.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help