• pidns: fix NULL dereference in __task_pid_nr_ns() · 81b1a832
    Eric Dumazet authored
    I got a crash during a "perf top" session that was caused by a race in
    __task_pid_nr_ns() :
    
    pid_nr_ns() was inlined, but apparently compiler chose to read
    task->pids[type].pid twice, and the pid->level dereference crashed
    because we got a NULL pointer at the second read :
    
        if (pid && ns->level <= pid->level) { // CRASH
    
    Just use RCU API properly to solve this race, and not worry about "perf
    top" crashing hosts :(
    
    get_task_pid() can benefit from same fix.
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
pid.c 15 KB
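The double read described in the commit message, as an added userspace model (not the kernel patch and not code from pid.c). The struct layouts, `load_slot()`, `WOULD_CRASH` and `run_scenario()` are assumptions made for illustration; a C11 atomic load stands in for the kernel's RCU accessor, and the concurrent writer is forced to clear the pointer right after the first read so the outcome is deterministic.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
/* Simplified stand-ins for the kernel structures (constructed model). */
struct pid  { int level; int nr; };
struct task { _Atomic(struct pid *) pid_slot; };
#define WOULD_CRASH (-1)  /* marks where the kernel dereferenced NULL */
static int loads;         /* reads of the shared slot so far */

/* Every read of the shared pointer goes through here. To make the race
 * deterministic, the "writer" detaches the pid right after the first read. */
static struct pid *load_slot(struct task *t)
{
    struct pid *p = atomic_load_explicit(&t->pid_slot, memory_order_acquire);
    if (++loads == 1)
        atomic_store_explicit(&t->pid_slot, (struct pid *)NULL,
                              memory_order_release);
    return p;
}

/* Models the emitted code: one read for the NULL test, a second read
 * for the ->level access. */
static int nr_double_read(struct task *t, int ns_level)
{
    if (!load_slot(t))
        return 0;
    struct pid *again = load_slot(t);
    if (!again)
        return WOULD_CRASH;   /* pid->level on a NULL pointer */
    return ns_level <= again->level ? again->nr : 0;
}

/* One marked read into a local; the test and the dereference both use it.
 * In the kernel the object stays valid inside the RCU read-side section;
 * in this model it is static storage. */
static int nr_single_read(struct task *t, int ns_level)
{
    struct pid *pid = load_slot(t);
    return (pid && ns_level <= pid->level) ? pid->nr : 0;
}

int run_scenario(int single_read)
{
    static struct pid p = { .level = 1, .nr = 42 };
    struct task t;
    atomic_init(&t.pid_slot, &p);
    loads = 0;
    return single_read ? nr_single_read(&t, 0) : nr_double_read(&t, 0);
}
int main(void)
{ printf("%d %d\n", run_scenario(0), run_scenario(1)); return 0; }
```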