Re: [PATCH] fs/proc: Fix NULL pointer dereference in pid_delete_dentry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Dec 09, 2020 at 07:21:00PM +0800, Yahu Gao wrote:
> Get the staus of task from the pointer of proc inode directly is not
> safe. The function get_proc_task make it happen in RCU protection.

This is completely broken,  get_proc_task() acquires a reference to
task_struct; your patch is an instant leak.

> Signed-off-by: Yahu Gao <yahu.gao@xxxxxxxxxxxxx>
> ---
>  fs/proc/base.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 1bc9bcdef09f..05f33bb35067 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -1994,7 +1994,7 @@ static int pid_revalidate(struct dentry *dentry, unsigned int flags)
>  
>  static inline bool proc_inode_is_dead(struct inode *inode)
>  {
> -	return !proc_pid(inode)->tasks[PIDTYPE_PID].first;
> +	return !get_proc_task(inode);
>  }
>  
>  int pid_delete_dentry(const struct dentry *dentry)
> -- 
> 2.25.1
>
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux