    [PATCH] bacct_add_tsk: fix unsafe and wrong parent/group_leader dereference · 05d5bcd6
    Oleg Nesterov authored
    1. ts = timespec_sub(uptime, current->group_leader->start_time);
    
       It is possible that current != tsk. Probably it was supposed
       to be 'tsk->group_leader->start_time'. But why are we reading
       group_leader's start_time? This accounting is per thread,
       not per process, I changed this to 'tsk->start_time'.
       Please correct me.
    
    2. stats->ac_ppid = (tsk->parent) ? tsk->parent->pid : 0;
    
       tsk->parent is never == NULL, and it is unsafe to dereference it.
       Both the task and its parent may exit after the caller unlocks
       tasklist_lock, the memory could be unmapped (DEBUG_SLAB).
       (And we should use ->real_parent->tgid in fact.)
    
    Q: I don't understand the 'if (thread_group_leader(tsk))' check.
    Why is it needed?
    Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
    Cc: Shailabh Nagar <nagar@watson.ibm.com>
    Cc: Balbir Singh <balbir@in.ibm.com>
    Acked-by: Jay Lan <jlan@sgi.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
tsacct.c 3.48 KB