On Tue, 28 Feb 2012 13:30:19 -0600 (CST) Christoph Lameter <cl@xxxxxxxxx> wrote:

> Migration functions perform the rcu_read_unlock too early. As a result the
> task pointed to may change from under us.
>
> The following patch extends the period of the rcu_read_lock until after the
> permissions checks are done. We also take a refcount so that the task
> reference is stable when calling security check functions and performing
> cpuset node validation (which takes a mutex).
>
> The refcount is dropped before actual page migration occurs so there is no
> change to the refcounts held during page migration.
>
> Also move the determination of the mm of the task struct to immediately
> before the do_migrate*() calls so that it is clear that we switch from
> handling the task during permission checks to the mm for the actual
> migration. Since the determination is only done once and we then no longer
> use the task_struct we can be sure that we operate on a specific address
> space that will not change from under us.

What was the user-visible impact of the bug?

Please always include this info in bug fix changelogs - it helps me and others to decide which kernel version(s) the patch should be merged into.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/