1
linux/fs/proc
Alexey Dobriyan 863c47028e [PATCH] Fix NULL ->nsproxy dereference in /proc/*/mounts
/proc/*/mounstats was fixed, all right, but...

To reproduce:

	while true; do
		find /proc -type f 2>/dev/null | xargs cat 1>/dev/null 2>/dev/null;
	done

BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000c
 printing eip:
c01754df
*pde = 00000000
Oops: 0000 [#28]
Modules linked in: af_packet ohci_hcd e1000 ehci_hcd uhci_hcd usbcore xfs
CPU:    0
EIP:    0060:[<c01754df>]    Not tainted VLI
EFLAGS: 00010286   (2.6.20-rc5 #1)
EIP is at mounts_open+0x1c/0xac
eax: 00000000   ebx: d5898ac0   ecx: d1d27b18   edx: d1d27a50
esi: e6083e10   edi: d3c87f38   ebp: d5898ac0   esp: d3c87ef0
ds: 007b   es: 007b   ss: 0068
Process cat (pid: 18071, ti=d3c86000 task=f7d5f070 task.ti=d3c86000)
Stack: d5898ac0 e6083e10 d3c87f38 c01754c3 c0147c91 c18c52c0 d343f314 d5898ac0
       00008000 d3c87f38 ffffff9c c0147e09 d5898ac0 00000000 00000000 c0147e4b
       00000000 d3c87f38 d343f314 c18c52c0 c015e53e 00001000 08051000 00000101
Call Trace:
 [<c01754c3>] mounts_open+0x0/0xac
 [<c0147c91>] __dentry_open+0xa1/0x18c
 [<c0147e09>] nameidata_to_filp+0x31/0x3a
 [<c0147e4b>] do_filp_open+0x39/0x40
 [<c015e53e>] seq_read+0x128/0x2aa
 [<c0147e8c>] do_sys_open+0x3a/0x6d
 [<c0147efa>] sys_open+0x1c/0x20
 [<c0102b76>] sysenter_past_esp+0x5f/0x85
 [<c02a0033>] unix_stream_recvmsg+0x3bf/0x4bf
 =======================
Code: 5d c3 89 d8 e8 06 e0 f9 ff eb bd 0f 0b eb fe 55 57 56 53 89 d5 8b 40 f0 31 d2 e8 02 c1 fa ff 89 c2 85 c0 74 5c 8b 80 48 04 00 00 <8b> 58 0c 85 db 74 02 ff 03 ff 4a 08 0f 94 c0 84 c0 75 74 85 db
EIP: [<c01754df>] mounts_open+0x1c/0xac SS:ESP 0068:d3c87ef0

A race with do_exit()'s call to exit_namespaces().

Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-01-26 13:50:58 -08:00
..
array.c [PATCH] add process_session() helper routine: deprecate old field 2006-12-08 08:28:51 -08:00
base.c [PATCH] Fix NULL ->nsproxy dereference in /proc/*/mounts 2007-01-26 13:50:58 -08:00
generic.c [PATCH] proc: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
inode-alloc.txt
inode.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
internal.h [PATCH] NOMMU: Implement /proc/pid/maps for NOMMU 2006-09-27 08:26:14 -07:00
kcore.c [PATCH] elf: fix kcore note size calculation 2006-12-07 08:39:38 -08:00
kmsg.c
Makefile [PATCH] remove the syslog interface when printk is disabled 2006-12-07 08:39:38 -08:00
mmu.c
nommu.c [PATCH] proc: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
proc_devtree.c
proc_misc.c [PATCH] fix linux banner format string 2007-01-10 09:33:59 -08:00
proc_tty.c
root.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
task_mmu.c [PATCH] proc: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
task_nommu.c [PATCH] proc: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
vmcore.c