[PATCH] sys_getppid oopses on debug kernel (v2)

[Kirill Korotaev]

sys_getppid() optimization can access a freed memory.
On kernels with DEBUG_SLAB turned ON, this results in Oops.
As Dave Hansen noted, this optimization is also unsafe
for memory hotplug.

So this patch always takes the lock to be safe.

Signed-Off-By: Kirill Korotaev <dev@xxxxxxxxxx>


--- ./kernel/timer.c.ppiddbg	2006-07-14 19:11:06.000000000 +0400
+++ ./kernel/timer.c	2006-08-08 19:45:57.000000000 +0400
@@ -1342,28 +1342,11 @@ asmlinkage long sys_getpid(void)
asmlinkage long sys_getppid(void)
{
	int pid;
-	struct task_struct *me = current;
-	struct task_struct *parent;

-	parent = me->group_leader->real_parent;
-	for (;;) {
-		pid = parent->tgid;
-#if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT)
-{
-		struct task_struct *old = parent;
+	read_lock(&tasklist_lock);
+	pid = current->group_leader->real_parent->tgid;
+	read_unlock(&tasklist_lock);

-		/*
-		 * Make sure we read the pid before re-reading the
-		 * parent pointer:
-		 */
-		smp_rmb();
-		parent = me->group_leader->real_parent;
-		if (old != parent)
-			continue;
-}
-#endif
-		break;
-	}
	return pid;
}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/