In case if proc_pid_make_inode() steps on exiting task we do
iput() and return NULL. Unfortunately, in that case inode->i_ino
doesn't look like inumber of a per-process inode and we take the
wrong path in proc_delete_inode(). I.e. do dput(PDE(inode)). Which
is left uninitialized...
We used to get out with that almost by accident - that code
worked only because we had zeroed out one field of union and that
guaranteed that another field would be NULL. It worked, but broke
at the first occasion.
Fix:
--- linux/fs/proc/base.c Tue Feb 19 22:33:04 2002
+++ linux/fs/proc/base.c.fix Fri Mar 15 08:42:19 2002
@@ -730,6 +730,7 @@
return inode;
out_unlock:
+ ei->pde = NULL;
iput(inode);
return NULL;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Mar 15 2002 - 22:00:20 EST