From: Oleg Nesterov <oleg@tv-sign.ru>
To: Andrew Morton <akpm@osdl.org>
Cc: Shailabh Nagar <nagar@watson.ibm.com>,
Balbir Singh <balbir@in.ibm.com>, Jay Lan <jlan@sgi.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH 1/6] fill_tgid: fix task_struct leak and possible oops
Date: Fri, 27 Oct 2006 03:20:52 +0400
Message-ID: <20061026232052.GA520@oleg>

1. fill_tgid() forgets to do put_task_struct(first).

2. release_task(first) can happen after fill_tgid() drops tasklist_lock,
   it is unsafe to dereference first->signal.

This is a temporary fix, imho the locking should be reworked.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>

--- STATS/kernel/taskstats.c~1_fix_sig 2006-10-22 18:24:03.000000000 +0400
+++ STATS/kernel/taskstats.c 2006-10-26 23:44:32.000000000 +0400
@@ -237,14 +237,17 @@ static int fill_tgid(pid_t tgid, struct
} else
get_task_struct(first);
- /* Start with stats from dead tasks */
- spin_lock_irqsave(&first->signal->stats_lock, flags);
- if (first->signal->stats)
- memcpy(stats, first->signal->stats, sizeof(*stats));
- spin_unlock_irqrestore(&first->signal->stats_lock, flags);
tsk = first;
read_lock(&tasklist_lock);
+ /* Start with stats from dead tasks */
+ if (first->signal) {
+ spin_lock_irqsave(&first->signal->stats_lock, flags);
+ if (first->signal->stats)
+ memcpy(stats, first->signal->stats, sizeof(*stats));
+ spin_unlock_irqrestore(&first->signal->stats_lock, flags);
+ }
+
do {
if (tsk->exit_state == EXIT_ZOMBIE && thread_group_leader(tsk))
continue;
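Review bot: when the new "if (first->signal)" test fails, the function only skips the dead-task stats and still falls through into the do loop with tsk = first, so a thread group that has already been released is walked as if it were live. Consider handling that case explicitly (read_unlock, put_task_struct(first), return) or at least stating in the comment that the NULL test is only valid because tasklist_lock is now held across it. The comment "Start with stats from dead tasks" was moved unchanged and does not mention the locking dependency that is the reason for the move.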
@@ -264,7 +267,7 @@ static int fill_tgid(pid_t tgid, struct
* Accounting subsytems can also add calls here to modify
* fields of taskstats.
*/
-
+ put_task_struct(first);
return 0;
}
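Review bot: the put_task_struct(first) added before "return 0" balances the get_task_struct(first) visible in the else branch of the first hunk, but the matching if branch is outside the diff context, so it is worth confirming that path also holds a reference on first, otherwise this unconditional put drops one too many. The put also replaces the blank line under the "Accounting subsystems can also add calls here" comment, which makes the comment read as if it describes the put; keep the blank line so later additions land above the reference drop.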