author | Markus Metzger <markus.t.metzger@intel.com> | 2009-02-11 09:10:27 -0500 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-02-11 09:44:20 -0500 |
commit | 9f339e7028e2855717af3193c938f9960ad13b38 (patch) | |
tree | 76e0e9181f4ee2b324742d517518e837d5c250bf /include | |
parent | 06eb23b1ba39c61ee5d5faeb42a097635693e370 (diff) |
x86, ptrace, mm: fix double-free on race

Ptrace_detach() races with __ptrace_unlink() if the traced task is
reaped while detaching. This might cause a double-free of the BTS
buffer.

Change the ptrace_detach() path to only do the memory accounting in
ptrace_bts_detach() and leave the buffer free to ptrace_bts_untrace()
which will be called from __ptrace_unlink().

The fix follows a proposal from Oleg Nesterov.

Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/mm.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/mm.h b/include/linux/mm.h index e8ddc98b8405..3d7fb44d7d7e 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h | |||
@@ -1305,5 +1305,6 @@ void vmemmap_populate_print_last(void); | |||
1305 | 1305 | ||
1306 | extern void *alloc_locked_buffer(size_t size); | 1306 | extern void *alloc_locked_buffer(size_t size); |
1307 | extern void free_locked_buffer(void *buffer, size_t size); | 1307 | extern void free_locked_buffer(void *buffer, size_t size); |
1308 | extern void release_locked_buffer(void *buffer, size_t size); | ||
1308 | #endif /* __KERNEL__ */ | 1309 | #endif /* __KERNEL__ */ |
1309 | #endif /* _LINUX_MM_H */ | 1310 | #endif /* _LINUX_MM_H */ |
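Review bot: the new `release_locked_buffer(void *buffer, size_t size)` declaration has the same signature as `free_locked_buffer()` directly above it and carries no comment saying how the two differ. Since the commit message describes splitting memory accounting from the actual free to close a double-free, the header should state which of the two releases the memory and which only adjusts accounting, and whether callers must pair `release_locked_buffer()` with a later free elsewhere. Without that, a future caller can pick the wrong function and reintroduce either a double-free or a leak. A one-line comment above each declaration would be enough. This view is limited to include/, so the definition and its callers are not visible here.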