Latest commit 81b1a83 Eric Dumazet committed with pidns: fix NULL dereference in __task_pid_nr_ns()
I got a crash during a "perf top" session that was caused by a race in
__task_pid_nr_ns() :

pid_nr_ns() was inlined, but apparently compiler chose to read
task->pids[type].pid twice, and the pid->level dereference crashed
because we got a NULL pointer at the second read :

    if (pid && ns->level <= pid->level) { // CRASH

Just use RCU API properly to solve this race, and not worry about "perf
top" crashing hosts :(

get_task_pid() can benefit from same fix.

Signed-off-by: Eric Dumazet <>
Signed-off-by: Linus Torvalds <>
bpf bpf, verifier: annotate verbose printer with __printf
configs kconfig: add xenconfig defconfig helper
debug debug: prevent entering debug mode on panic/exception.
events Merge branch 'perf-urgent-for-linus' of git://…
gcov gcov: add support for GCC 5.1
irq Merge branches 'irq-urgent-for-linus' and 'timers-urgent-for-linus' o…
livepatch livepatch: x86: fix relocation computation with kASLR
locking mm, page_alloc: distinguish between being unable to sleep, unwilling …
power mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM
printk printk: prevent userland from spoofing kernel messages
rcu Merge branches 'doc.2015.10.06a', 'percpu-rwsem.2015.10.06a' and 'tor…
sched Merge branch 'sched-urgent-for-linus' of git://…
time Merge branches 'irq-urgent-for-linus' and 'timers-urgent-for-linus' o…
trace Merge tag 'trace-v4.4-2' of git://…
.gitignore certs: add .gitignore to stop git nagging about x509_certificate_list
Kconfig.hz kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS
Kconfig.locks locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS
Kconfig.preempt locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
Makefile sys_membarrier(): system-wide memory barrier (generic, x86)
acct.c acct: check FMODE_CAN_WRITE
async.c kernel/async.c: switch to pr_foo()
audit.c mm, page_alloc: distinguish between being unable to sleep, unwilling …
audit.h audit: audit_tree_match can be boolean
audit_fsnotify.c audit: clean simple fsnotify implementation
audit_tree.c audit: audit_tree_match can be boolean
audit_watch.c Merge branch 'upstream' of git://
auditfilter.c audit: fix comment block whitespace
auditsc.c Merge branch 'upstream' of git://
backtracetest.c kernel/backtracetest.c: replace no level printk by pr_info()
bounds.c page-cgroup: get rid of NR_PCG_FLAGS
capability.c kernel: conditionally support non-root users, groups and capabilities
cgroup.c mm, page_alloc: distinguish between being unable to sleep, unwilling …
cgroup_freezer.c cgroup: allow a cgroup subsystem to reject a fork
cgroup_pids.c cgroup: add cgroup_subsys->free() method and use it to fix pids contr…
compat.c compat: cleanup coding in compat_get_bitmap() and compat_put_bitmap()
configs.c proc: Supply PDE attribute setting accessor functions
context_tracking.c context_tracking: avoid irq_save/irq_restore on guest entry and exit
cpu.c Merge branch 'sched-core-for-linus' of git://…
cpu_pm.c kernel/cpu_pm: fix cpu_cluster_pm_exit comment
cpuset.c Merge branch 'akpm' (patches from Andrew)
crash_dump.c crash_dump: Make is_kdump_kernel() accessible from modules
cred.c kernel/cred.c: remove unnecessary kdebug atomic reads
delayacct.c delayacct: Remove braindamaged type conversions
dma.c Remove all #inclusions of asm/system.h
elfcore.c switch elf_core_write_extra_phdrs() to dump_emit()
exec_domain.c Remove rest of exec domains.
exit.c Merge branch 'sched-core-for-linus' of git://…
extable.c kernel/extable.c: remove duplicated include
fork.c Merge branch 'akpm' (patches from Andrew)
freezer.c freezer: remove obsolete comments in __thaw_task()
futex.c Merge tag 'driver-core-4.4-rc1' of git://…
futex_compat.c compat: Get rid of (get|put)_compat_time(val|spec)
groups.c kernel: conditionally support non-root users, groups and capabilities
hung_task.c kernel/hung_task.c: change hung_task.c to use for_each_process_thread()
irq_work.c percpu: Convert remaining __get_cpu_var uses in 3.18-rcX
jump_label.c locking/static_keys: Add selftest
kallsyms.c kernel/kallsyms.c: use __seq_open_private()
kcmp.c kcmp: fix standard comparison bug
kexec.c kexec: use file name as the output message prefix
kexec_core.c kexec: use file name as the output message prefix
kexec_file.c kexec: use file name as the output message prefix
kexec_internal.h kexec: split kexec_file syscall code to kexec_file.c
kmod.c kmod: don't run async usermode helper as a child of kworker thread
kprobes.c perf/x86/hw_breakpoints: Disallow kernel breakpoints unless kprobe-safe
ksysfs.c kexec: split kexec_load syscall from kexec core code
kthread.c kernel/kthread.c:kthread_create_on_node(): clarify documentation
latencytop.c kernel/latencytop.c: convert seq_printf to seq_puts
membarrier.c sys_membarrier(): system-wide memory barrier (generic, x86)
memremap.c Merge tag 'libnvdimm-for-4.4' of git://…
module-internal.h KEYS: Separate the kernel signature checking keyring from module signing
module.c module: Fix locking in symbol_put_addr()
module_signing.c KEYS: Merge the type-specific data with the payload data
notifier.c Merge branch 'x86-asm-for-linus' of git://…
nsproxy.c bury struct proc_ns in fs/proc
padata.c padata: use %*pb[l] to print bitmaps including cpumasks and nodemasks
panic.c kernel/panic.c: turn off locks debug before releasing console lock
params.c Merge tag 'modules-next-for-linus' of git://…
pid.c pidns: fix NULL dereference in __task_pid_nr_ns()
pid_namespace.c Merge branch 'for-linus' of git://…
profile.c mm: rename alloc_pages_exact_node() to __alloc_pages_node()
ptrace.c seccomp, ptrace: add support for dumping seccomp filters
range.c kernel: avoid overflow in cmp_range
reboot.c kexec: split kexec_load syscall from kexec core code
relay.c kernel/relay.c: use kvfree() in relay_free_page_array()
resource.c mm: enhance region_is_ram() to region_intersects()
seccomp.c seccomp, ptrace: add support for dumping seccomp filters
signal.c kernel/signal.c: unexport sigsuspend()
smp.c mm, page_alloc: distinguish between being unable to sleep, unwilling …
smpboot.c stop_machine: Kill smp_hotplug_thread->pre_unpark, introduce stop_mac…
smpboot.h smpboot: Provide infrastructure for percpu hotplug threads
softirq.c Merge branch 'locking-core-for-linus' of git://…
stacktrace.c stacktrace: introduce snprint_stack_trace for buffer output
stop_machine.c sched: Move cpu_active() tests from stop_two_cpus() into migrate_swap…
sys.c pidns: fix set/getpriority and ioprio_set/get in PRIO_USER mode
sys_ni.c mm: mlock: add new mlock system call
sysctl.c kernel/watchdog.c: add sysctl knob hardlockup_panic
sysctl_binary.c kernel: add panic_on_warn
task_work.c task_work: remove fifo ordering guarantee
taskstats.c netlink: make nlmsg_end() and genlmsg_end() void
test_kprobes.c kernel/test_kprobes.c: use current logging functions
torture.c torture: Consolidate cond_resched_rcu_qs() into stutter_wait()
tracepoint.c tracepoint: Give priority to probes of tracepoints
tsacct.c sched: Make task->start_time nanoseconds based
uid16.c groups: Consolidate the setgroups permission checks
up.c smp: Rename __smp_call_function_single() to smp_call_function_single_…
user-return-notifier.c scheduler: Replace __get_cpu_var with this_cpu_ptr
user.c Merge branch 'for-linus' of git://…
user_namespace.c capabilities: ambient capabilities
utsname.c copy address of proc_ns_ops into ns_common
utsname_sysctl.c sysctl: convert use of typedef ctl_table to struct ctl_table
watchdog.c kernel/watchdog.c: fix race between proc_watchdog_thresh() and watchd…
workqueue.c Merge branch 'for-4.4' of git://…
workqueue_internal.h workqueue: rename manager_mutex to attach_mutex