From: Markus Metzger <markus.t.metzger@intel.com>
Date: Wed, 11 Feb 2009 14:10:27 +0000 (+0100)
Subject: x86, ptrace, mm: fix double-free on race
X-Git-Tag: v2.6.29-rc6~74^2~8
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f339e7028e2855717af3193c938f9960ad13b38;p=pandora-kernel.git

x86, ptrace, mm: fix double-free on race

Ptrace_detach() races with __ptrace_unlink() if the traced task is
reaped while detaching. This might cause a double-free of the BTS
buffer.

Change the ptrace_detach() path to only do the memory accounting in
ptrace_bts_detach() and leave the buffer free to ptrace_bts_untrace()
which will be called from __ptrace_unlink().

The fix follows a proposal from Oleg Nesterov.

Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---

Reading git-diff-tree failed