linux/fs
Oleg Nesterov b95c35e76b oom: fix the unsafe usage of badness() in proc_oom_score()
proc_oom_score(task) has a reference to task_struct, but that is all.
If this task was already released before we take tasklist_lock

	- we can't use task->group_leader, it points to nowhere

	- it is not safe to call badness() even if this task is
	  ->group_leader, has_intersects_mems_allowed() assumes
	  it is safe to iterate over ->thread_group list.

	- even worse, badness() can hit ->signal == NULL

Add the pid_alive() check to ensure __unhash_process() was not called.

Also, use "task" instead of task->group_leader. badness() should return
the same result for any sub-thread. Currently this is not true, but
this should be changed anyway.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-04-01 08:50:21 -07:00
..
9p 9p: Skip check for mandatory locks when unlocking 2010-03-13 09:05:37 -06:00
adfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
affs Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
afs AFS: Potential null dereference 2010-03-22 09:57:19 -07:00
autofs
autofs4 Use kill_litter_super() in autofs4 ->kill_sb() 2010-03-03 14:07:54 -05:00
befs befs: fix leak 2010-02-07 03:06:21 -05:00
bfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2010-03-18 16:50:55 -07:00
cachefiles CacheFiles: Fix a race in cachefiles_delete_object() vs rename 2010-02-20 10:06:35 -05:00
ceph ceph: fix use after free on mds __unregister_request 2010-03-28 21:23:56 -07:00
cifs Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2010-03-19 09:36:18 -07:00
coda
configfs Fix configfs leak 2010-01-14 09:05:42 -05:00
cramfs
debugfs Lose the new_name argument of fsnotify_move() 2010-02-08 14:38:36 -05:00
devpts devpts_get_tty() should validate inode 2009-12-11 15:18:05 -08:00
dlm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
ecryptfs ecryptfs: use after free 2010-01-19 22:36:06 -06:00
efs
exofs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
exportfs
ext2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-03-05 13:20:53 -08:00
ext3 ext3: fix broken handling of EXT3_STATE_NEW 2010-03-29 14:30:19 -07:00
ext4 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2010-03-25 14:10:53 -07:00
fat fat: fix buffer overflow in vfat_create_shortname() 2010-03-31 10:34:11 -07:00
freevxfs
fscache SLOW_WORK: CONFIG_SLOW_WORK_PROC should be CONFIG_SLOW_WORK_DEBUG 2010-03-29 09:14:47 -07:00
fuse Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
gfs2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-fixes 2010-03-13 14:38:53 -08:00
hfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
hfsplus pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
hostfs
hpfs Don't mess with generic_permission() under ->d_lock in hpfs 2010-03-03 14:07:58 -05:00
hppfs hppfs can use existing proc_mnt, no need for do_kern_mount() in there 2010-03-03 14:08:00 -05:00
hugetlbfs Untangling ima mess, part 1: alloc_file() 2009-12-16 12:16:47 -05:00
isofs Merge branch 'for-2.6.33' of git://linux-nfs.org/~bfields/linux 2009-12-16 10:43:34 -08:00
jbd Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
jbd2 jbd2: clean up an assertion in jbd2_journal_commit_transaction() 2010-02-24 12:11:20 -05:00
jffs2 jffs2: fix up rb_root initializations to use RB_ROOT 2010-03-17 18:43:47 -07:00
jfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-03-05 13:20:53 -08:00
lockd lockd: don't clear sm_monitored on nsm_reboot_lookup 2010-02-08 16:20:35 -05:00
logfs [LogFS] Erase new journal segments 2010-03-29 21:14:52 +02:00
minix pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
ncpfs
nfs NFS: don't try to decode GETATTR if DELEGRETURN returned error 2010-03-22 05:34:13 -04:00
nfs_common
nfsd Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
nilfs2 nilfs2: fix imperfect completion wait in nilfs_wait_on_logs 2010-03-24 01:17:20 +09:00
nls
notify switch inotify_user to anon_inode 2010-02-19 03:35:12 -05:00
ntfs ntfs: use bitmap_weight 2010-03-17 18:43:47 -07:00
ocfs2 ocfs2: Fix a race in o2dlm lockres mastery 2010-03-23 18:22:59 -07:00
omfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
openpromfs
partitions fs/partition/msdos: fix unusable extended partition for > 512B sector 2010-03-24 16:31:22 -07:00
proc oom: fix the unsafe usage of badness() in proc_oom_score() 2010-04-01 08:50:21 -07:00
qnx4 fs/qnx4: decrement sizeof size in strncmp 2010-02-04 11:55:46 +01:00
quota quota: stop using QUOTA_OK / NO_QUOTA 2010-03-05 00:20:31 +01:00
ramfs nommu: fix shared mmap after truncate shrinkage problems 2010-01-16 12:15:40 -08:00
reiserfs reiserfs: properly honor read-only devices 2010-03-24 16:31:21 -07:00
romfs fix leak in romfs_fill_super() 2010-01-26 22:22:26 -05:00
smbfs
squashfs Squashfs: get rid of obsolete definition in header file 2010-03-05 15:35:35 +00:00
sysfs sysfs: Kill unused sysfs_sb variable. 2010-03-07 17:04:52 -08:00
sysv pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
ubifs Revert "lib: build list_sort() only if needed" 2010-03-07 09:54:44 -08:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-udf-2.6 2010-03-12 16:22:50 -08:00
ufs ufs: make solaris fsck happy 2010-03-12 15:52:35 -08:00
xfs xfs: don't warn about page discards on shutdown 2010-03-16 15:40:53 -05:00
aio.c aio: remove unused field 2009-12-16 07:20:13 -08:00
anon_inodes.c anon_inodes: mark the anon inode private 2010-03-12 16:25:23 -08:00
attr.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
bad_inode.c
binfmt_aout.c fs/binfmt_aout.c: fix pointer warnings 2010-03-24 16:31:19 -07:00
binfmt_elf_fdpic.c FDPIC: For-loop in elf_core_vma_data_size() is incorrect 2010-03-24 16:43:29 -07:00
binfmt_elf.c coredump: pass mm->flags as a coredump parameter for consistency 2010-03-06 11:26:46 -08:00
binfmt_em86.c
binfmt_flat.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
bio-integrity.c block: fix bugs in bio-integrity mempool usage 2010-01-30 20:28:19 +01:00
bio.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
block_dev.c freeze_bdev: don't deactivate successfully frozen MS_RDONLY sb 2010-02-07 03:06:21 -05:00
buffer.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
char_dev.c
compat_binfmt_elf.c elf coredump: replace ELF_CORE_EXTRA_* macros by functions 2010-03-06 11:26:45 -08:00
compat_ioctl.c fs/compat_ioctl.c: suppress two warnings 2010-03-06 11:26:35 -08:00
compat.c Add generic sys_old_select() 2010-03-12 15:52:32 -08:00
dcache.c fix race in d_splice_alias() 2010-03-03 14:13:08 -05:00
dcookies.c
direct-io.c dio: fix use-after-free 2009-12-17 04:52:13 -05:00
drop_caches.c
eventfd.c eventfd - allow atomic read and waitqueue remove 2010-01-25 12:26:38 -02:00
eventpoll.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
exec.c coredump: suppress uid comparison test if core output files are pipes 2010-03-06 11:26:46 -08:00
fcntl.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
fifo.c
file_table.c vfs: take f_lock on modifying f_mode after open time 2010-03-06 11:26:25 -08:00
file.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
filesystems.c
fs_struct.c
fs-writeback.c pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
generic_acl.c make generic_acl slightly more generic 2009-12-16 12:16:49 -05:00
inode.c dquot: move dquot initialization responsibility into the filesystem 2010-03-05 00:20:30 +01:00
internal.h Take vfsmount_lock to fs/internal.h 2010-03-03 14:07:59 -05:00
ioctl.c
ioprio.c
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-03-19 09:43:06 -07:00
Kconfig.binfmt
libfs.c libfs: Unexport and kill simple_prepare_write 2010-03-03 13:00:17 -05:00
locks.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-03-19 09:43:06 -07:00
mbcache.c
mpage.c Fix misspellings of "invocation" in comments. 2010-02-04 11:55:45 +01:00
namei.c Restore LOOKUP_DIRECTORY hint handling in final lookup on open() 2010-03-26 12:41:05 -04:00
namespace.c vfs: add NOFOLLOW flag to umount(2) 2010-03-03 14:08:00 -05:00
nfsctl.c Switch may_open() and break_lease() to passing O_... 2010-03-03 13:00:21 -05:00
no-block.c
open.c Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-03-05 13:20:53 -08:00
pipe.c fs: no games with DCACHE_UNHASHED 2009-12-17 10:51:40 -05:00
pnode.c Kill CL_PROPAGATION, sanitize fs/pnode.c:get_source() 2010-03-03 13:00:22 -05:00
pnode.h VFS: Clean up shared mount flag propagation 2010-03-03 14:07:55 -05:00
posix_acl.c
read_write.c do_sync_read/write() should set kiocb.ki_nbytes to be consistent 2010-03-24 16:43:29 -07:00
read_write.h
readdir.c
select.c Add generic sys_old_select() 2010-03-12 15:52:32 -08:00
seq_file.c seq_file: fix new kernel-doc warnings 2010-03-07 15:48:26 -08:00
signalfd.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
splice.c
stack.c VFS/fsstack: handle 32-bit smp + preempt + large files in fsstack_copy_inode_size 2009-12-17 10:58:17 -05:00
stat.c Add unlocked version of inode_add_bytes() function 2009-12-23 13:33:54 +01:00
super.c Mirror MS_KERNMOUNT in ->mnt_flags 2010-03-03 14:08:00 -05:00
sync.c quota: move code from sync_quota_sb into vfs_quota_sync 2010-03-05 00:20:24 +01:00
timerfd.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
utimes.c
xattr_acl.c
xattr.c sanitize xattr handler prototypes 2009-12-16 12:16:49 -05:00