[PATCH] race condition in procfs

• Previous message: Michael Krufky: "Re: cx88 totally fried in 2.6.15-rcX -was- Re: HD3000 - no NTSC via tuner"
• Next in thread: Andrew Morton: "Re: [PATCH] race condition in procfs"
• Reply: Andrew Morton: "Re: [PATCH] race condition in procfs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Tue, 29 Nov 2005 08:17:22 +0100
To: linux-kernel@vger.kernel.org

Hello,

I found a race condition in procfs on SMP systems. The result is an
oops in processes like pidof. Apparently ->proc_read() gets passed a
potentially NULL pointer. The following micro-patch seems to fix it.

Best regards,
 Grzegorz Nosek

--- linux-2.6/fs/proc/base.c.orig 2005-11-25 00:07:43.000000000 +0100
+++ linux-2.6/fs/proc/base.c 2005-11-28 11:44:11.000000000 +0100
@@ -718,6 +718,9 @@
       ssize_t length;
       struct task_struct *task = proc_task(inode);

+ if (!task)
+ return -ENOENT;
+
       if (count > PROC_BLOCK_SIZE)
               count = PROC_BLOCK_SIZE;
       if (!(page = __get_free_page(GFP_KERNEL)))
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Previous message: Michael Krufky: "Re: cx88 totally fried in 2.6.15-rcX -was- Re: HD3000 - no NTSC via tuner"
• Next in thread: Andrew Morton: "Re: [PATCH] race condition in procfs"
• Reply: Andrew Morton: "Re: [PATCH] race condition in procfs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

• Re: Oops in 2.6.10-rc1
  ... The solution is to change the variable arg to a pointer, ... As it is, your
  oops ... Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org ...
  send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)
• Re: [linux-usb-devel] Re: [OOPS] reproducible oops with 2.6.5-rc2-bk3
  ... the oops you saw shouldn't happen so long as ... > in the cdc-acm probe
  routine maybe it was a null pointer. ... send the line "unsubscribe linux-kernel"
  in ... (Linux-Kernel)
• Re: Oops in swsusp
  ... > The Oops is caused by a NULL pointer (I don't remember if it was source ...
  > or destination). ... > This Oops seems to be unrelated to the encrypted
  image addition as I ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)
• Re: Oops with tmpfs on both 2.4.22 & 2.6.0-test11
  ... >> 2.4 hit NULL and this pointer is total garbage. ... > This
  oops is completely understood. ... send the line "unsubscribe linux-kernel" in ...
  (Linux-Kernel)
• Re: ALSA bugs with 2.6.12-rc1
  ... > It seems that 2.6.12-rc1 introduced an ALSA bug generating an oops for a ...
  > Unable to handle kernel NULL pointer dereference at virtual address ... This only
  happens when you mismatch your kernel and alsa-lib versions, ... send the line "unsubscribe
  linux-kernel" in ... (Linux-Kernel)