From: Eric W. Biederman <ebiederm@xmission.com>

Fix reference counts in seccomp_write, and mem_read.

While looking for the bug I found two other places I goofed.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/proc/base.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletion(-)

diff -puN fs/proc/base.c~proc-dont-lock-task_structs-indefinitely-mem_read-fix fs/proc/base.c
--- devel/fs/proc/base.c~proc-dont-lock-task_structs-indefinitely-mem_read-fix	2006-02-28 23:34:10.000000000 -0800
+++ devel-akpm/fs/proc/base.c	2006-02-28 23:34:10.000000000 -0800
@@ -710,6 +710,9 @@ static ssize_t mem_read(struct file * fi
 	int ret = -ESRCH;
 	struct mm_struct *mm;
 
+	if (!task)
+		goto out_no_task;
+
 	if (!MAY_PTRACE(task) || !ptrace_may_attach(task))
 		goto out;
 
@@ -759,6 +762,8 @@ out_put:
 out_free:
 	free_page((unsigned long) page);
 out:
+	put_task_struct(task);
+out_no_task:
 	return ret;
 }
 
@@ -1004,10 +1009,12 @@ static ssize_t seccomp_write(struct file
 	if (unlikely(tsk->seccomp.mode))
 		goto out;
 
+	result = -EFAULT;
 	memset(__buf, 0, sizeof(__buf));
 	count = min(count, sizeof(__buf) - 1);
 	if (copy_from_user(__buf, buf, count))
-		return -EFAULT;
+		goto out;
+
 	seccomp_mode = simple_strtoul(__buf, &end, 0);
 	if (*end == '\n')
 		end++;
_