On Mon, Jan 28, 2019 at 7:27 PM Mathieu Desnoyers <mathieu.desnoyers@efficios.com> wrote:
> Jann Horn identified a racy access to p->mm in the global expedited command of the membarrier system call.
>
> The suggested fix is to hold the task_lock() around the accesses to p->mm and to the mm_struct membarrier_state field to guarantee the existence of the mm_struct.
>
> Link: https://lore.kernel.org/lkml/CAG48ez2G8ctF8dHS42TF37pThfr3y0RNOOYTmxvACm4u8Y...
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
The patch looks good to me, and to be sure, I've also given it a spin - I can't trigger a splat anymore. You can add:
Tested-by: Jann Horn <jannh@google.com>
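The locking pattern the commit message describes, as an added userspace model written for this page (it is not the kernel patch, nor code from either participant): a task's mm pointer is checked and its membarrier_state read while holding the task lock, and the exit path detaches the mm under that same lock before freeing it. The struct layouts, the pthread mutex standing in for p->alloc_lock, the plain unsigned int standing in for the kernel's atomic membarrier_state, the flag value, and every function name other than task_lock()/task_unlock() are assumptions of the model.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Flag value is an assumption of this model, not the kernel's definition. */
#define MEMBARRIER_STATE_GLOBAL_EXPEDITED (1U << 0)

struct mm_struct {
    unsigned int membarrier_state;   /* kernel uses an atomic_t here */
};

struct task_struct {
    pthread_mutex_t alloc_lock;      /* models p->alloc_lock, taken by task_lock() */
    struct mm_struct *mm;            /* becomes NULL once the task drops its mm */
};

static void task_lock(struct task_struct *p)   { pthread_mutex_lock(&p->alloc_lock); }
static void task_unlock(struct task_struct *p) { pthread_mutex_unlock(&p->alloc_lock); }

/* Before the fix: p->mm is loaded and dereferenced with no lock held, so a
 * concurrent exit can clear p->mm and free the mm_struct in between the two. */
static bool wants_ipi_racy(struct task_struct *p)
{
    struct mm_struct *mm = p->mm;
    return mm && (mm->membarrier_state & MEMBARRIER_STATE_GLOBAL_EXPEDITED);
}

/* After the fix: the NULL check and the membarrier_state read both happen
 * under task_lock(); because exit_mm_model() detaches under the same lock,
 * the mm_struct cannot go away between the two accesses. */
static bool wants_ipi_locked(struct task_struct *p)
{
    bool ret;
    task_lock(p);
    ret = p->mm && (p->mm->membarrier_state & MEMBARRIER_STATE_GLOBAL_EXPEDITED);
    task_unlock(p);
    return ret;
}

/* Model of the exit path: detach the mm under the lock, free it afterwards. */
static void exit_mm_model(struct task_struct *p)
{
    struct mm_struct *mm;
    task_lock(p);
    mm = p->mm;
    p->mm = NULL;
    task_unlock(p);
    free(mm);
}

static struct task_struct *task_new(unsigned int membarrier_state)
{
    struct task_struct *p = calloc(1, sizeof(*p));
    p->mm = calloc(1, sizeof(*p->mm));
    p->mm->membarrier_state = membarrier_state;
    pthread_mutex_init(&p->alloc_lock, NULL);
    return p;
}

static void task_free(struct task_struct *p)
{
    pthread_mutex_destroy(&p->alloc_lock);
    free(p->mm);                     /* free(NULL) is a no-op after exit */
    free(p);
}

/* Registered, unregistered and exited tasks; returns true if every lookup
 * taken under task_lock() gives the expected answer without dereferencing
 * a detached mm. */
static bool scenario_ok(void)
{
    bool ok = true;
    struct task_struct *reg = task_new(MEMBARRIER_STATE_GLOBAL_EXPEDITED);
    struct task_struct *unreg = task_new(0);

    ok &= wants_ipi_locked(reg);     /* registered: this task needs the IPI */
    ok &= !wants_ipi_locked(unreg);  /* never registered: skipped */
    ok &= !wants_ipi_racy(unreg);    /* single-threaded, the racy form agrees;
                                        only a concurrent exit separates them */

    exit_mm_model(reg);              /* task exits and drops its mm */
    ok &= !wants_ipi_locked(reg);    /* no mm: skipped, nothing dereferenced */

    task_free(reg);
    task_free(unreg);
    return ok;
}

int main(void)
{
    printf("locked lookups %s\n", scenario_ok() ? "consistent" : "INCONSISTENT");
    return 0;
}
```

The model cannot reproduce the original splat deterministically, since that needs a thread to exit between the unlocked load and the dereference in wants_ipi_racy(); its purpose is to make the invariant of the fix visible: every path that reads or clears p->mm goes through the same task_lock(), so the mm_struct is guaranteed to exist for as long as the reader holds it.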