The return value of futex_find_get_task() needs to be -ESRCH in case that the search fails. This was part of the original futex fixes and got accidentally dropped, when the futex-tidy-up patch was split out.
Results in a NULL pointer dereference in case the search fails. Restore it. Please apply also to 2.6.21 stable Signed-off-by: Thomas Gleixner <[EMAIL PROTECTED]> Cc: Ingo Molnar <[EMAIL PROTECTED]> Cc: Stable Team <[EMAIL PROTECTED]> --- kernel/futex.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) Index: linux-2.6/kernel/futex.c =================================================================== --- linux-2.6.orig/kernel/futex.c 2007-06-23 11:39:20.000000000 +0200 +++ linux-2.6/kernel/futex.c 2007-06-23 11:39:20.000000000 +0200 @@ -409,14 +409,12 @@ static struct task_struct * futex_find_g rcu_read_lock(); p = find_task_by_pid(pid); - if (!p) - goto out_unlock; - if ((current->euid != p->euid) && (current->euid != p->uid)) { - p = NULL; - goto out_unlock; - } - get_task_struct(p); -out_unlock: + + if (!p || ((current->euid != p->euid) && (current->euid != p->uid))) + p = ERR_PTR(-ESRCH); + else + get_task_struct(p); + rcu_read_unlock(); return p; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/