Skip to content

Commit

Permalink
[PATCH] xacct_add_tsk: fix pure theoretical ->mm use-after-free
Browse files Browse the repository at this point in the history 
Paranoid fix. The task can free its ->mm after the 'if (p->mm)' check.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Shailabh Nagar <nagar@watson.ibm.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Cc: Jay Lan <jlan@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  • Loading branch information
Oleg Nesterov authored and Linus Torvalds committed Oct 30, 2006
1 parent d45e44d commit f0ec1aa
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions kernel/tsacct.c
View file
Expand Up @@ -80,13 +80,17 @@ void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk)
*/
void xacct_add_tsk(struct taskstats *stats, struct task_struct *p)
{
struct mm_struct *mm;

/* convert pages-jiffies to Mbyte-usec */
stats->coremem = jiffies_to_usecs(p->acct_rss_mem1) * PAGE_SIZE / MB;
stats->virtmem = jiffies_to_usecs(p->acct_vm_mem1) * PAGE_SIZE / MB;
if (p->mm) {
mm = get_task_mm(p);
if (mm) {
/* adjust to KB unit */
stats->hiwater_rss = p->mm->hiwater_rss * PAGE_SIZE / KB;
stats->hiwater_vm = p->mm->hiwater_vm * PAGE_SIZE / KB;
stats->hiwater_rss = mm->hiwater_rss * PAGE_SIZE / KB;
stats->hiwater_vm = mm->hiwater_vm * PAGE_SIZE / KB;
mmput(mm);
}
stats->read_char = p->rchar;
stats->write_char = p->wchar;
Expand Down

0 comments on commit f0ec1aa

Please sign in to comment.