[PATCH] xacct_add_tsk: fix pure theoretical ->mm use-after-free

Paranoid fix. The task can free its ->mm after the 'if (p->mm)' check. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Shailabh Nagar <nagar@watson.ibm.com> Cc: Balbir Singh <balbir@in.ibm.com> Cc: Jay Lan <jlan@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Oleg Nesterov <oleg@tv-sign.ru> 2006-10-29 22:46:43 -0800
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-10-30 12:08:41 -0800
commit: f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9 (patch)
tree: 61202a09a030d659064df65e127b9be1c571c48c
parent: d45e44d4be60ef508579001792f33753b5cb6d36 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/kernel/tsacct.c b/kernel/tsacct.c
index 65a5036a3d9..96f77013d3f 100644
--- a/kernel/tsacct.c
+++ b/kernel/tsacct.c
@@ -80,13 +80,17 @@ void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk)
  */
 void xacct_add_tsk(struct taskstats *stats, struct task_struct *p)
 {
+	struct mm_struct *mm;
+
 	/* convert pages-jiffies to Mbyte-usec */
 	stats->coremem = jiffies_to_usecs(p->acct_rss_mem1) * PAGE_SIZE / MB;
 	stats->virtmem = jiffies_to_usecs(p->acct_vm_mem1) * PAGE_SIZE / MB;
-	if (p->mm) {
+	mm = get_task_mm(p);
+	if (mm) {
 		/* adjust to KB unit */
-		stats->hiwater_rss   = p->mm->hiwater_rss * PAGE_SIZE / KB;
-		stats->hiwater_vm    = p->mm->hiwater_vm * PAGE_SIZE / KB;
+		stats->hiwater_rss   = mm->hiwater_rss * PAGE_SIZE / KB;
+		stats->hiwater_vm    = mm->hiwater_vm * PAGE_SIZE / KB;
+		mmput(mm);
 	}
 	stats->read_char	= p->rchar;
 	stats->write_char	= p->wchar;
author	Oleg Nesterov <oleg@tv-sign.ru>	2006-10-29 22:46:43 -0800
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-10-30 12:08:41 -0800
commit	f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9 (patch)
tree	61202a09a030d659064df65e127b9be1c571c48c
parent	d45e44d4be60ef508579001792f33753b5cb6d36 (diff)