ANDROID: Take reference to task_struct within the rcu section
An issue is reported where the following sequence occurred:
1) In the lowmem_scan path, the task to kill gets selected and SIGKILL
is sent.
2) The task receives the signal, or it can already be in its exit path,
and it does put_task_struct, which makes cred NULL.
3) Now in the lowmem_scan path, get_task_struct is done followed by
put_task_struct, which results in accessing cred, which is
already NULL.
Unable to handle kernel NULL pointer dereference at virtual address
00000000
...
PC is at exit_creds+0x1c/0x70
LR is at __put_task_struct+0x44/0x134
[<000000003316722f>] exit_creds+0x1c/0x70
[<000000004966ea42>] __put_task_struct+0x44/0x134
[<000000004fa7fb71>] lowmem_scan+0x6f8/0x1078
[<000000007d2818cd>] shrink_slab.part.65+0x1fc/0x4e8
[<00000000cb140f16>] shrink_node+0x9c/0x20c
[<00000000afe7461e>] kswapd+0x28c/0x534
[<000000003df446ee>] kthread+0xe0/0xf4
[<00000000f357571f>] ret_from_fork+0x10/0x20
To avoid this, take a reference to the task_struct within the rcu section
so that the task_struct remains intact.
Change-Id: I2752cb17768cc6011502688212040bf90b0c56e7
Signed-off-by: Vijayanand Jitta <vjitta@codeaurora.org>
1 file changed
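The interleaving described in the commit message, as an added user-space model that is not part of this commit or of the kernel sources. The struct layout, the `get_task_struct`/`put_task_struct`/`exit_creds` stand-ins and the comments marking where `rcu_read_lock()`/`rcu_read_unlock()` would sit are assumptions made for illustration; `lowmem_scan_model()` replays the three steps once with the reference taken after the rcu section (the original ordering) and once with it taken inside the section (the fix), and reports whether the scan's final `put_task_struct` ran the teardown on a task whose cred had already been cleared.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Constructed user-space model of the refcount race in the commit message.
 * Not kernel code: task_struct, cred and the helpers below are stand-ins
 * for the real ones, sized down to what the interleaving needs.
 */
struct cred {
    int uid;
};

struct task_struct {
    int usage;          /* models the task refcount (task->usage) */
    struct cred *cred;  /* cleared by exit_creds() on the final put */
    bool freed;         /* set once the task has been torn down */
};

/* Models exit_creds(): the trace in the commit message faults here. */
static int exit_creds(struct task_struct *t)
{
    if (t->cred == NULL)
        return -1;      /* a NULL pointer dereference in the real code */
    free(t->cred);
    t->cred = NULL;
    return 0;
}

static int __put_task_struct(struct task_struct *t)
{
    int rc = exit_creds(t);
    t->freed = true;
    return rc;
}

static void get_task_struct(struct task_struct *t)
{
    t->usage++;
}

/* Returns 0, or -1 if dropping the last reference faulted in teardown. */
static int put_task_struct(struct task_struct *t)
{
    if (--t->usage == 0)
        return __put_task_struct(t);
    return 0;
}

/* The signalled task drops the reference it holds on itself. */
static int task_exit_path(struct task_struct *t)
{
    return put_task_struct(t);
}

static struct task_struct *new_task(void)
{
    struct task_struct *t = calloc(1, sizeof(*t));
    t->cred = calloc(1, sizeof(*t->cred));
    t->usage = 1;       /* the task's own reference */
    return t;
}

/*
 * Replay the commit's sequence. ref_in_rcu == false: the scan leaves the
 * rcu section without a reference, the task exits and drops the last one,
 * and the scan's later get/put pair re-runs teardown on a task whose cred
 * is already NULL. ref_in_rcu == true: the scan takes its reference before
 * the task can exit, so the final put happens exactly once.
 * Returns 0 if the scan completed cleanly, -1 on the modelled fault.
 */
static int lowmem_scan_model(bool ref_in_rcu)
{
    struct task_struct *selected = new_task();
    int rc;

    /* rcu_read_lock(): walk the task list and pick the victim */
    if (ref_in_rcu)
        get_task_struct(selected);
    /* rcu_read_unlock() */

    /* SIGKILL is sent; the task reaches its exit path now */
    rc = task_exit_path(selected);

    /* the original ordering took its reference only here */
    if (!ref_in_rcu)
        get_task_struct(selected);

    if (rc == 0)
        rc = put_task_struct(selected);

    /* both interleavings end with usage == 0 and the task torn down */
    free(selected);
    return rc;
}

int main(void)
{
    printf("reference after rcu section: %s\n",
           lowmem_scan_model(false) == 0 ? "ok" : "fault in exit_creds");
    printf("reference inside rcu section: %s\n",
           lowmem_scan_model(true) == 0 ? "ok" : "fault in exit_creds");
    return 0;
}
```

The model deliberately keeps the narrative of the commit message (a second get/put pair on a task whose cred is already NULL) rather than the lower-level detail of how the kernel defers freeing the task_struct itself; the point it shows is that once the scan holds its own reference before leaving the rcu section, the exiting task's put can no longer be the final one.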