The patch titled
proc-readdir-race-fix-take-3-fix-3 fix
has been added to the -mm tree. Its filename is
proc-readdir-race-fix-take-3-race-fix.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: proc-readdir-race-fix-take-3-fix-3 fix
From: Oleg Nesterov <oleg@xxxxxxxxxx>
On 09/07, Oleg Nesterov wrote:
>
> On 09/06, Jean Delvare wrote:
> >
> > On Wednesday 6 September 2006 11:01, Jean Delvare wrote:
> > > Eric, Kame, thanks a lot for working on this. I'll be giving some good
> > > testing to this patch today, and will return back to you when I'm done.
> >
> > The original issue is indeed fixed, but there's a problem with the patch.
> > When stressing /proc (to verify the bug was fixed), my test machine ended
> > up crashing. Here are the 2 traces I found in the logs:
> >
> > Sep 6 12:06:00 arrakis kernel: BUG: warning at
> > kernel/fork.c:113/__put_task_struct()
> > Sep 6 12:06:00 arrakis kernel: [<c0115f93>] __put_task_struct+0xf3/0x100
> > Sep 6 12:06:00 arrakis kernel: [<c019666a>] proc_pid_readdir+0x13a/0x150
> > Sep 6 12:06:00 arrakis kernel: [<c01745f0>] vfs_readdir+0x80/0xa0
> > Sep 6 12:06:00 arrakis kernel: [<c0174750>] filldir+0x0/0xd0
> > Sep 6 12:06:00 arrakis kernel: [<c017488c>] sys_getdents+0x6c/0xb0
> > Sep 6 12:06:00 arrakis kernel: [<c0174750>] filldir+0x0/0xd0
> > Sep 6 12:06:00 arrakis kernel: [<c0102fb7>] syscall_call+0x7/0xb
>
> If the task found is not a group leader, we go to retry, but
> the task != NULL.
>
> Now, if find_ge_pid(tgid) returns NULL, we return that wrong
> task, and it was not get_task_struct()'ed.
Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: Jean Delvare <jdelvare@xxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
fs/proc/base.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
diff -puN fs/proc/base.c~proc-readdir-race-fix-take-3-race-fix fs/proc/base.c
--- a/fs/proc/base.c~proc-readdir-race-fix-take-3-race-fix
+++ a/fs/proc/base.c
@@ -2150,9 +2150,9 @@ static struct task_struct *next_tgid(uns
struct task_struct *task;
struct pid *pid;
- task = NULL;
rcu_read_lock();
retry:
+ task = NULL;
pid = find_ge_pid(tgid);
if (pid) {
tgid = pid->nr + 1;
_
Patches currently in -mm which might be from oleg@xxxxxxxxxx are
git-block.patch
pid-implement-transfer_pid-and-use-it-to-simplify-de_thread.patch
pid-remove-temporary-debug-code-in-attach_pid.patch
rtmutex-clean-up-and-remove-some-extra-spinlocks.patch
rtmutex-clean-up-and-remove-some-extra-spinlocks-more.patch
elf_core_dump-dont-take-tasklist_lock.patch
elf_fdpic_core_dump-dont-take-tasklist_lock.patch
has_stopped_jobs-cleanup.patch
__dequeue_signal-cleanup.patch
do_sched_setscheduler-dont-take-tasklist_lock.patch
introduce-is_rt_policy-helper.patch
sched_setscheduler-fix-policy-checks.patch
reparent_to_init-use-has_rt_policy.patch
copy_process-cosmetic-ioprio-tweak.patch
futex_find_get_task-dont-take-tasklist_lock.patch
sys_get_robust_list-dont-take-tasklist_lock.patch
set-exit_dead-state-in-do_exit-not-in-schedule.patch
kill-pf_dead-flag.patch
introduce-task_dead-state.patch
select_bad_process-kill-a-bogus-pf_dead-task_dead-check.patch
select_bad_process-cleanup-releasing-check.patch
oom_kill_task-cleanup-mm-checks.patch
audit-accounting-tty-locking.patch
proc-readdir-race-fix-take-3-race-fix.patch
simplify-pid-iterators.patch
pidhash-temporary-debug-checks.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
