Re: BUG: Use after free in detach_pid

From: Andrew Morton (akpm@digeo.com)
Date: Sat Mar 22 2003 - 15:44:47 EST

Next message: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
Previous message: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
In reply to: Manfred Spraul: "Re: BUG: Use after free in detach_pid"
Next in thread: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
Reply: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
Reply: William Lee Irwin III: "Re: BUG: Use after free in detach_pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Manfred Spraul <manfred@colorfullife.com> wrote:
>
> You mentioned that the last detach_pid() within __unhash_process oopsed. That means the reference count of the task structure was off by one, and the
> put_task_struct(pid->task)
> within
> detach_pid(p,PIDTYPE_PGID);
> freed the task structure.
>

Might be related to http://bugme.osdl.org/show_bug.cgi?id=482
in which someone did put_task_struct() on an already-freed task_struct.

And that was a uniprocessor without pgcl gunk.

It is not known whether preemption was enabled?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
Previous message: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
In reply to: Manfred Spraul: "Re: BUG: Use after free in detach_pid"
Next in thread: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
Reply: Zwane Mwaikambo: "Re: BUG: Use after free in detach_pid"
Reply: William Lee Irwin III: "Re: BUG: Use after free in detach_pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:42 EST