The patch titled
     bacct_add_tsk: fix unsafe and wrong parent/group_leader dereference
has been removed from the -mm tree.  Its filename was
     bacct_add_tsk-fix-unsafe-and-wrong-parent-group_leader-dereference.patch

This patch was dropped because it was merged into mainline or a subsystem tree

------------------------------------------------------
Subject: bacct_add_tsk: fix unsafe and wrong parent/group_leader dereference
From: Oleg Nesterov <oleg@xxxxxxxxxx>

1. ts = timespec_sub(uptime, current->group_leader->start_time);

It is possible that current != tsk. Probably it was supposed to be
'tsk->group_leader->start_time'. But why are we reading group_leader's
start_time? This accounting is per thread, not per process, I changed this
to 'tsk->start_time'. Please correct me.

2. stats->ac_ppid = (tsk->parent) ? tsk->parent->pid : 0;

tsk->parent never == NULL, and it is unsafe to dereference it. Both the task
and its parent may exit after the caller unlocks tasklist_lock, the memory
could be unmapped (DEBUG_SLAB).

(And we should use ->real_parent->tgid in fact).

Q: I don't understand the 'if (thread_group_leader(tsk))' check. Why is it
needed?

Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: Shailabh Nagar <nagar@xxxxxxxxxxxxxx>
Cc: Balbir Singh <balbir@xxxxxxxxxx>
Acked-by: Jay Lan <jlan@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 kernel/tsacct.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff -puN kernel/tsacct.c~bacct_add_tsk-fix-unsafe-and-wrong-parent-group_leader-dereference kernel/tsacct.c
--- a/kernel/tsacct.c~bacct_add_tsk-fix-unsafe-and-wrong-parent-group_leader-dereference
+++ a/kernel/tsacct.c
@@ -36,7 +36,7 @@ void bacct_add_tsk(struct taskstats *sta /* calculate task elapsed time in timespec */ do_posix_clock_monotonic_gettime(&uptime); - ts = timespec_sub(uptime, current->group_leader->start_time); + ts = timespec_sub(uptime, tsk->start_time); /* rebase elapsed time to usec */ ac_etime = timespec_to_ns(&ts); do_div(ac_etime, NSEC_PER_USEC); @@ -58,7 +58,10 @@ void bacct_add_tsk(struct taskstats *sta stats->ac_uid = tsk->uid; stats->ac_gid = tsk->gid; stats->ac_pid = tsk->pid; - stats->ac_ppid = (tsk->parent) ? tsk->parent->pid : 0; + rcu_read_lock(); + stats->ac_ppid = pid_alive(tsk) ? + rcu_dereference(tsk->real_parent)->tgid : 0; + rcu_read_unlock(); stats->ac_utime = cputime_to_msecs(tsk->utime) * USEC_PER_MSEC; stats->ac_stime = cputime_to_msecs(tsk->stime) * USEC_PER_MSEC; stats->ac_minflt = tsk->min_flt; _ Patches currently in -mm which might be from oleg@xxxxxxxxxx are origin.patch tty-signal-tty-locking.patch do_task_stat-dont-take-tty_mutex.patch do_acct_process-dont-take-tty_mutex.patch trivial-make-set_special_pids-static.patch sys_unshare-remove-a-broken-clone_sighand-code.patch sys_setpgid-eliminate-unnecessary-do_each_task_pidpidtype_pgid.patch session_of_pgrp-kill-unnecessary-do_each_task_pidpidtype_pgid.patch pidhash-temporary-debug-checks.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
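Review bot: the first hunk (`ts = timespec_sub(uptime, tsk->start_time);`) changes what ac_etime reports for non-leader threads: it now measures the thread's own lifetime rather than the group leader's, and the changelog itself flags this as a guess ("Please correct me"). Since ac_etime is exported accounting data, the intended semantics (per-thread vs. per-process elapsed time) should be confirmed with the taskstats consumers and stated definitively in the changelog rather than left as an open question; using `tsk` instead of `current` is clearly right either way, as `current` need not be the task being accounted.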
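Review bot: the second hunk replaces a dead NULL check with a liveness check, which is the right shape for the fix, but the changelog should spell out that ac_ppid now changes in two userspace-visible ways: `rcu_dereference(tsk->real_parent)->tgid` reports the real parent (not a ptracer via `->parent`) and the parent's thread group id rather than the parent thread's pid. The `pid_alive(tsk)` guard under `rcu_read_lock()` is what makes the dereference safe once the caller has dropped tasklist_lock, so a short comment above those three lines explaining why the lock and the check are needed would help future readers; the changelog's open question about the `thread_group_leader(tsk)` check is not addressed by this diff and should either be resolved or tracked separately.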