From: Nick Piggin <npiggin@suse.de>
Date: Tue, 6 Mar 2007 10:34:25 +0000 (-0800)
Subject: [IA64] permon use-after-free fix
X-Git-Tag: v2.6.21-rc3~14^2~1
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41d5e5d73ecef4ef56b7b4cde962929a712689b4;p=pandora-kernel.git

[IA64] permon use-after-free fix

Perfmon associates vmalloc()ed memory with a file descriptor, and installs
a vma mapping that memory.  Unfortunately, the vm_file field is not filled
in, so processes with mappings to that memory do not prevent the file from
being closed and the memory freed.  This results in use-after-free bugs and
multiple freeing of pages, etc.

I saw this bug on an Altix on SLES9.  Haven't reproduced upstream but it
looks like the same issue is there.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Cc: Stephane Eranian <eranian@hpl.hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
---

Reading git-diff-tree failed