Re: free_task_struct() called too early?

Alan Cox (alan@lxorguk.ukuu.org.uk)
Fri, 10 Aug 2001 23:43:23 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Khyron: "[PROBLEM] 2.4.5: Sending TCP doesn't send"
Previous message: Alan Cox: "Re: [PATCH] Adaptec I2O RAID driver (kernel 2.4.7)"
Next in thread: Linus Torvalds: "Re: free_task_struct() called too early?"
Reply: Linus Torvalds: "Re: free_task_struct() called too early?"

> When a process terminates, it appears that the task structure is freed too
> early. There are memory references to the kernel task area (task_struct and
> stack space) after free_task_struct(p) is called.
>
> If I modify the following line in include/asm-i386/processor.h
>
> #define free_task_struct(p) free_pages((unsigned long) (p), 1) to
> #define free_task_struct(p) memset((void*) (p), 0xf, PAGE_SIZE*2);
> free_pages((unsigned long) (p), 1)
> then kernel will boot to init and lockup on when first task terminates.
>
> Has anyone looked into or aware of this issue?

2.4.8pre fixed a case with semaphores on the stack. It might not be the only
one. Your #define is wrong though, if a single free_task_struct path is an
if you will not do what you expect

do { memset(), free_pages } while(0);

would be safer.

I'd like to know if 2.4.8pre8 does it except on module unload (where it is
still buggy)

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Khyron: "[PROBLEM] 2.4.5: Sending TCP doesn't send"
Previous message: Alan Cox: "Re: [PATCH] Adaptec I2O RAID driver (kernel 2.4.7)"
Next in thread: Linus Torvalds: "Re: free_task_struct() called too early?"
Reply: Linus Torvalds: "Re: free_task_struct() called too early?"