linux/fs
Alexey Dobriyan 863c47028e [PATCH] Fix NULL ->nsproxy dereference in /proc/*/mounts
/proc/*/mounstats was fixed, all right, but...

To reproduce:

	while true; do
		find /proc -type f 2>/dev/null | xargs cat 1>/dev/null 2>/dev/null;
	done

BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000c
 printing eip:
c01754df
*pde = 00000000
Oops: 0000 [#28]
Modules linked in: af_packet ohci_hcd e1000 ehci_hcd uhci_hcd usbcore xfs
CPU:    0
EIP:    0060:[<c01754df>]    Not tainted VLI
EFLAGS: 00010286   (2.6.20-rc5 #1)
EIP is at mounts_open+0x1c/0xac
eax: 00000000   ebx: d5898ac0   ecx: d1d27b18   edx: d1d27a50
esi: e6083e10   edi: d3c87f38   ebp: d5898ac0   esp: d3c87ef0
ds: 007b   es: 007b   ss: 0068
Process cat (pid: 18071, ti=d3c86000 task=f7d5f070 task.ti=d3c86000)
Stack: d5898ac0 e6083e10 d3c87f38 c01754c3 c0147c91 c18c52c0 d343f314 d5898ac0
       00008000 d3c87f38 ffffff9c c0147e09 d5898ac0 00000000 00000000 c0147e4b
       00000000 d3c87f38 d343f314 c18c52c0 c015e53e 00001000 08051000 00000101
Call Trace:
 [<c01754c3>] mounts_open+0x0/0xac
 [<c0147c91>] __dentry_open+0xa1/0x18c
 [<c0147e09>] nameidata_to_filp+0x31/0x3a
 [<c0147e4b>] do_filp_open+0x39/0x40
 [<c015e53e>] seq_read+0x128/0x2aa
 [<c0147e8c>] do_sys_open+0x3a/0x6d
 [<c0147efa>] sys_open+0x1c/0x20
 [<c0102b76>] sysenter_past_esp+0x5f/0x85
 [<c02a0033>] unix_stream_recvmsg+0x3bf/0x4bf
 =======================
Code: 5d c3 89 d8 e8 06 e0 f9 ff eb bd 0f 0b eb fe 55 57 56 53 89 d5 8b 40 f0 31 d2 e8 02 c1 fa ff 89 c2 85 c0 74 5c 8b 80 48 04 00 00 <8b> 58 0c 85 db 74 02 ff 03 ff 4a 08 0f 94 c0 84 c0 75 74 85 db
EIP: [<c01754df>] mounts_open+0x1c/0xac SS:ESP 0068:d3c87ef0

A race with do_exit()'s call to exit_namespaces().

Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-01-26 13:50:58 -08:00
..
9p [PATCH] 9p: change uses of f_{dentry,vfsmnt} to use f_path 2006-12-08 08:28:43 -08:00
adfs [PATCH] adfs: fix filename handling 2007-01-05 23:55:22 -08:00
affs [PATCH] affs: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:43 -08:00
afs [PATCH] rename struct namespace to struct mnt_namespace 2006-12-08 08:28:51 -08:00
autofs [PATCH] autofs: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:43 -08:00
autofs4 [PATCH] getting rid of all casts of k[cmz]alloc() calls 2006-12-13 09:05:58 -08:00
befs [PATCH] getting rid of all casts of k[cmz]alloc() calls 2006-12-13 09:05:58 -08:00
bfs [PATCH] update Tigran's email addresses 2006-12-13 09:05:53 -08:00
cifs Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2007-01-24 09:46:54 -08:00
coda [PATCH] struct path: convert coda 2006-12-08 08:28:44 -08:00
configfs [PATCH] configfs: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:43 -08:00
cramfs [PATCH] struct path: convert cramfs 2006-12-08 08:28:44 -08:00
debugfs DebugFS : file/directory removal fix 2006-12-13 15:38:45 -08:00
devpts
dlm [DLM] fix compile warning 2006-12-15 12:51:22 -05:00
ecryptfs [PATCH] ecryptfs: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:43 -08:00
efs [PATCH] struct path: convert efs 2006-12-08 08:28:45 -08:00
exportfs
ext2 [PATCH] LOG2: Implement a general integer log2 facility in the kernel 2006-12-08 08:28:51 -08:00
ext3 [PATCH] LOG2: Implement a general integer log2 facility in the kernel 2006-12-08 08:28:51 -08:00
ext4 [PATCH] ext4: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
fat [PATCH] fat: change uses of f_{dentry,vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
freevxfs [PATCH] struct path: convert freevxfs 2006-12-08 08:28:45 -08:00
fuse [PATCH] fuse: remove clear_page_dirty() call 2006-12-21 09:25:08 -08:00
gfs2 [PATCH] Revert bd_mount_mutex back to a semaphore 2007-01-11 18:18:21 -08:00
hfs [PATCH] struct path: convert hfs 2006-12-08 08:28:45 -08:00
hfsplus [PATCH] struct path: convert hfsplus 2006-12-08 08:28:45 -08:00
hostfs [PATCH] struct path: convert hostfs 2006-12-08 08:28:45 -08:00
hpfs [PATCH] struct path: convert hpfs 2006-12-08 08:28:45 -08:00
hppfs [PATCH] struct path: convert hppfs 2006-12-08 08:28:45 -08:00
hugetlbfs VM: Remove "clear_page_dirty()" and "test_clear_page_dirty()" functions 2006-12-21 09:19:57 -08:00
isofs [PATCH] isofs: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
jbd [PATCH] jbd: wait for already submitted t_sync_datalist buffer to complete 2006-12-22 08:55:51 -08:00
jbd2 [PATCH] jbd2: wait for already submitted t_sync_datalist buffer to complete 2006-12-07 08:39:42 -08:00
jffs Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2007-01-18 10:34:51 +11:00
jffs2 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2007-01-18 10:34:51 +11:00
jfs [PATCH] Fix JFS after clear_page_dirty() removal 2006-12-21 09:24:03 -08:00
lockd [PATCH] getting rid of all casts of k[cmz]alloc() calls 2006-12-13 09:05:58 -08:00
minix [PATCH] struct path: convert minix 2006-12-08 08:28:47 -08:00
msdos
ncpfs [PATCH] ncpfs: ensure we free wdog_pid on parse_option or fill_inode failure 2006-12-13 09:05:53 -08:00
nfs [PATCH] NFS: Fix races in nfs_revalidate_mapping() 2007-01-24 12:31:06 -08:00
nfs_common
nfsd [PATCH] knfsd: Fix up some bit-rot in exp_export 2006-12-13 09:05:54 -08:00
nls [PATCH] fs: make nls_cp936.c handle some U00XY characters and U20AC correctly 2006-12-07 08:39:46 -08:00
ntfs NTFS: Forgot to bump version number in makefile to 2.1.28... 2007-01-18 10:28:18 +00:00
ocfs2 ocfs2: Add backup superblock info to ocfs2_fs.h 2007-01-21 16:20:10 -08:00
openpromfs [PATCH] struct path: convert openpromfs 2006-12-08 08:28:48 -08:00
partitions [MIPS] Rename SNI_RM200_PCI to just SNI_RM preparing for more RM machines 2006-12-09 01:03:58 +00:00
proc [PATCH] Fix NULL ->nsproxy dereference in /proc/*/mounts 2007-01-26 13:50:58 -08:00
qnx4 [PATCH] struct path: convert qnx4 2006-12-08 08:28:48 -08:00
ramfs [PATCH] ramfs breaks without CONFIG_BLOCK 2006-12-30 10:56:42 -08:00
reiserfs [PATCH] resierfs: avoid tail packing if an inode was ever mmapped 2007-01-23 07:52:06 -08:00
romfs [PATCH] struct path: convert romfs 2006-12-08 08:28:49 -08:00
smbfs [PATCH] smbfs: Make conn_pid a struct pid 2006-12-13 09:05:53 -08:00
sysfs [PATCH] sysfs: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:41 -08:00
sysv [PATCH] fs/sysv/: proper prototypes for 2 functions 2006-12-22 08:55:47 -08:00
udf [PATCH] struct path: convert udf 2006-12-08 08:28:50 -08:00
ufs [PATCH] fix garbage instead of zeroes in UFS 2007-01-05 23:55:29 -08:00
vfat
xfs [PATCH] Fix XFS after clear_page_dirty() removal 2006-12-21 10:01:08 -08:00
aio.c [PATCH] Fix lock inversion aio_kick_handler() 2006-12-30 10:55:54 -08:00
attr.c
bad_inode.c [PATCH] fix memory corruption from misinterpreted bad_inode_ops return values 2007-01-05 23:55:23 -08:00
binfmt_aout.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
binfmt_elf_fdpic.c fs: Convert kmalloc() + memset() to kzalloc() in fs/. 2006-12-12 20:07:35 +01:00
binfmt_elf.c [PATCH] i386 vDSO: use VM_ALWAYSDUMP 2007-01-26 13:50:58 -08:00
binfmt_em86.c
binfmt_flat.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
binfmt_misc.c [PATCH] getting rid of all casts of k[cmz]alloc() calls 2006-12-13 09:05:58 -08:00
binfmt_script.c
binfmt_som.c
bio.c [PATCH] optimize o_direct on block devices 2006-12-13 09:05:50 -08:00
block_dev.c [PATCH] fix blk_direct_IO bio preparation 2007-01-23 07:52:06 -08:00
buffer.c Resurrect 'try_to_free_buffers()' VM hackery 2007-01-26 12:47:06 -08:00
char_dev.c
compat_ioctl.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
compat.c [PATCH] fdtable: Make fdarray and fdsets equal in size 2006-12-10 09:57:22 -08:00
dcache.c [PATCH] dcache: avoid RCU for never-hashed dentries 2006-12-07 08:39:41 -08:00
dcookies.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
direct-io.c [PATCH] dio: lock refcount operations 2006-12-10 09:57:21 -08:00
dnotify.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
dquot.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
drop_caches.c
eventpoll.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
exec.c [PATCH] fdtable: Make fdarray and fdsets equal in size 2006-12-10 09:57:22 -08:00
fcntl.c [PATCH] fdtable: Make fdarray and fdsets equal in size 2006-12-10 09:57:22 -08:00
fifo.c
file_table.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
file.c [PATCH] fdtable: Provide free_fdtable() wrapper 2006-12-22 08:55:50 -08:00
filesystems.c
fs-writeback.c Write back inode data pages even when the inode itself is locked 2007-01-26 12:53:20 -08:00
generic_acl.c
inode.c [PATCH] relative atime 2006-12-13 09:05:50 -08:00
inotify_user.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
inotify.c
internal.h
ioctl.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
ioprio.c
Kconfig [PATCH] Make JFFS depend on CONFIG_BROKEN 2006-12-22 08:55:48 -08:00
Kconfig.binfmt
libfs.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
locks.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
Makefile [PATCH] fsstack: Introduce fsstack_copy_{attr,inode}_* 2006-12-08 08:28:40 -08:00
mbcache.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
mpage.c
namei.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
namespace.c [PATCH] relative atime 2006-12-13 09:05:50 -08:00
nfsctl.c
no-block.c
open.c [PATCH] fdtable: Make fdarray and fdsets equal in size 2006-12-10 09:57:22 -08:00
pipe.c [PATCH] fix leaks on pipe(2) failure exits 2006-12-21 00:16:03 -08:00
pnode.c [PATCH] rename struct namespace to struct mnt_namespace 2006-12-08 08:28:51 -08:00
pnode.h [PATCH] rename struct namespace to struct mnt_namespace 2006-12-08 08:28:51 -08:00
posix_acl.c
quota_v1.c
quota_v2.c
quota.c
read_write.c [PATCH] one more EXPORT_UNUSED_SYMBOL removal 2006-12-13 09:05:53 -08:00
read_write.h
readdir.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
select.c [PATCH] fdtable: Make fdarray and fdsets equal in size 2006-12-10 09:57:22 -08:00
seq_file.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
splice.c [PATCH] constify pipe_buf_operations 2006-12-13 09:05:47 -08:00
stack.c [PATCH] fsstack: Remove inode copy 2006-12-22 08:55:48 -08:00
stat.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
super.c [PATCH] Revert bd_mount_mutex back to a semaphore 2007-01-11 18:18:21 -08:00
sync.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00
utimes.c
xattr_acl.c
xattr.c [PATCH] VFS: change struct file to use struct path 2006-12-08 08:28:41 -08:00