Re: [patch] x86, ptrace: fix double-free on race
From: Ingo Molnar
Date: Wed Feb 11 2009 - 09:45:40 EST
* Markus Metzger <markus.t.metzger@xxxxxxxxx> wrote:
> Ptrace_detach() races with __ptrace_unlink() if the traced task is
> reaped while detaching. This might cause a double-free of the BTS
> buffer.
>
> Change the ptrace_detach() path to only do the memory accounting in
> ptrace_bts_detach() and leave the buffer free to ptrace_bts_untrace()
> which will be called from __ptrace_unlink().
>
> The fix follows a proposal from Oleg Nesterov.
>
> Reported-by: Oleg Nesterov <oleg@xxxxxxxxxx>
> Signed-off-by: Markus Metzger <markus.t.metzger@xxxxxxxxx>
Applied to tip:x86/urgent, thanks Markus!
Note, I fixed up the comment style to match the rest of ptrace.c,
see the final commit below.
Ingo
-------------------->
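The commit message above describes an ownership problem: two teardown paths (detach and unlink) each believed they owned the BTS buffer, so when the tracee was reaped during a detach both paths ran and the buffer was released twice. The fix gives the buffer a single owner, the unlink path, and leaves the detach path with only the memory accounting. The following C program is an added, stand-alone model of that pattern, not the kernel code and not the patch itself; the types and function names (struct tracer, struct tracee, buggy_detach, fixed_detach, run_scenario and so on) are hypothetical, and the model clears the pointer after freeing so the second release is counted rather than corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a tracer/tracee pair. The tracee owns one buffer
 * that must be freed exactly once; the tracer carries the accounting for it.
 * These are illustration-only names, not kernel identifiers. */
struct tracee {
    void  *bts_buffer;
    size_t bts_size;
};

struct tracer {
    size_t locked_bytes;   /* bytes charged to the tracer for BTS buffers */
};

/* Counts every release attempt so a double release is observable in a test.
 * The pointer is cleared after free() only so the model can run safely; the
 * count of attempts is what reflects the race described in the commit. */
static int release_attempts;

static void bts_free(struct tracee *t)
{
    release_attempts++;
    free(t->bts_buffer);
    t->bts_buffer = NULL;
}

/* Buggy pattern: both teardown paths think they own the buffer. When the
 * tracee is reaped while detaching, both run and the buffer is released twice. */
static void buggy_detach(struct tracer *tr, struct tracee *t)
{
    tr->locked_bytes -= t->bts_size;
    bts_free(t);              /* first release */
}

static void buggy_unlink(struct tracee *t)
{
    bts_free(t);              /* second release on the same buffer */
}

/* Fixed pattern, following the commit message: detach only does the
 * accounting; the unlink path is the single owner of the free. */
static void fixed_detach(struct tracer *tr, struct tracee *t)
{
    tr->locked_bytes -= t->bts_size;
}

static void fixed_unlink(struct tracee *t)
{
    bts_free(t);              /* the only release */
}

/* Runs attach -> detach -> unlink, i.e. the interleaving where the tracee
 * is reaped during detach so both teardown paths execute. Returns the number
 * of release attempts; *locked_after receives the tracer's final accounting. */
static int run_scenario(int fixed, size_t *locked_after)
{
    struct tracer tr = { 0 };
    struct tracee t  = { 0 };

    release_attempts = 0;

    /* attach: allocate the buffer and charge it to the tracer (constructed input) */
    t.bts_size   = 4096;
    t.bts_buffer = malloc(t.bts_size);
    if (!t.bts_buffer)
        return -1;
    tr.locked_bytes += t.bts_size;

    if (fixed) {
        fixed_detach(&tr, &t);
        fixed_unlink(&t);
    } else {
        buggy_detach(&tr, &t);
        buggy_unlink(&t);
    }

    if (locked_after)
        *locked_after = tr.locked_bytes;
    return release_attempts;
}

int main(void)
{
    size_t locked;
    int attempts;

    attempts = run_scenario(0, &locked);
    printf("buggy: %d release attempts, %zu bytes still charged\n", attempts, locked);

    attempts = run_scenario(1, &locked);
    printf("fixed: %d release attempts, %zu bytes still charged\n", attempts, locked);
    return 0;
}
```

The point of the model is the ownership rule rather than the locking: once only one path may free the buffer, the detach/unlink ordering no longer matters for memory safety, and detach can still keep the accounting correct because it only subtracts a size it already knows. A real fix must also make sure the accounting path cannot run after the buffer's size has been cleared, which is why the commit keeps the two responsibilities strictly separated.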