Wind River Support Network

Not to be fixed

LIN6-4544 : posix-cpu-timers: Fix nanosleep task_struct leak

Created: Feb 25, 2013    Updated: Apr 19, 2018
Resolved Date: Apr 17, 2018
Previous ID: LIN4-13335
Found In Version: 6.0
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel

Description

The trinity fuzzer triggered a task_struct reference leak via
clock_nanosleep with CPU_TIMERs. do_cpu_nanosleep() calls
posix_cpu_timer_create(), but misses a corresponding
posix_cpu_timer_del(), which leads to the task_struct reference leak.

Workaround

commit e6c42c295e071dd74a66b5a9fcf4f44049888ed8 upstream

Steps to Reproduce

1) Run the test below:

     #include <time.h>

     /* Zero-initialized: an absolute expiry of 0 on the CPU-time clock. */
     static const struct timespec req;

     int main(void) {
             return clock_nanosleep(CLOCK_PROCESS_CPUTIME_ID,
                                    TIMER_ABSTIME, &req, NULL);
     }

2) Check the task_struct usage before and after running the test case:
   grep task_struct /proc/slabinfo
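
Step 2 as a script, for checking whether a given kernel still leaks (an added example, not part of the original defect record). The function names, the N/2 growth threshold and the embedded slabinfo lines are assumptions constructed for illustration; reading /proc/slabinfo normally requires root.

```shell
#!/bin/sh
# Added example: measure task_struct slab growth around runs of a reproducer.
# Usage (as root): sh <this-script> <path-to-compiled-test> [runs]

# Constructed /proc/slabinfo excerpts (not captured from a real system).
SAMPLE_BEFORE='slabinfo - version: 2.1
task_struct          312    330   5952    5    8 : tunables    0    0    0 : slabdata     66     66      0'
SAMPLE_AFTER='slabinfo - version: 2.1
task_struct         1312   1315   5952    5    8 : tunables    0    0    0 : slabdata    263    263      0'

# Print <active_objs> of the task_struct cache from slabinfo text on stdin.
# Matches the cache name exactly; exits 1 if the cache is not listed.
task_struct_active() {
    awk '$1 == "task_struct" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# classify_growth BEFORE AFTER RUNS
# Assumed heuristic: one leaked task_struct per run gives growth close to
# RUNS, while ordinary process churn stays far below RUNS/2.
classify_growth() {
    growth=$(( $2 - $1 ))
    threshold=$(( ($3 + 1) / 2 ))
    if [ "$growth" -ge "$threshold" ]; then
        echo "leak-suspected growth=$growth"
    else
        echo "ok growth=$growth"
    fi
}

# check_leak REPRODUCER [RUNS]: sample the cache, run the test, sample again.
check_leak() {
    repro=$1
    runs=${2:-1000}
    before=$(task_struct_active < /proc/slabinfo) || return 2
    i=0
    while [ "$i" -lt "$runs" ]; do
        "$repro" || true        # the test returns clock_nanosleep's result
        i=$(( i + 1 ))
    done
    after=$(task_struct_active < /proc/slabinfo) || return 2
    classify_growth "$before" "$after" "$runs"
}

if [ "$#" -ge 1 ]; then
    check_leak "$@"
fi
```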