diff options
author | Oleg Nesterov <oleg@tv-sign.ru> | 2008-04-30 00:54:25 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-30 08:29:48 -0700 |
commit | 65450cebc6a2efde80ed45514f727e6e4dc1eafd (patch) | |
tree | 26d3cdb75b4e94eed773c71c4bcb3c5d5843eed3 | |
parent | 5cd204550b1a006f2b0c986b0e0f53220ebfd391 (diff) | |
download | op-kernel-dev-65450cebc6a2efde80ed45514f727e6e4dc1eafd.zip op-kernel-dev-65450cebc6a2efde80ed45514f727e6e4dc1eafd.tar.gz |
pids: de_thread: don't clear session/pgrp pids for the old leader
Based on Eric W. Biederman's idea.
Unless task == current, without tasklist_lock held task_session()/task_pgrp()
can return NULL if the caller races with de_thread() which switches the group
leader.
Change transfer_pid() to not clear old->pids[type].pid for the old leader.
This means that its .pid can point to "nowhere", but this is already true for
sub-threads, and the old leader is not group_leader() any longer. IOW, with
or without this change we can't trust task's special pids unless it is the
group leader.
With this change the following code
rcu_read_lock();
task = find_task_by_xxx();
do_something(task_pgrp(task), task_session(task));
rcu_read_unlock();
can't race with exec and hit the NULL pid.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | kernel/pid.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/kernel/pid.c b/kernel/pid.c index a9ae9f7..e9a31d3 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -354,7 +354,6 @@ void transfer_pid(struct task_struct *old, struct task_struct *new, { new->pids[type].pid = old->pids[type].pid; hlist_replace_rcu(&old->pids[type].node, &new->pids[type].node); - old->pids[type].pid = NULL; } struct task_struct *pid_task(struct pid *pid, enum pid_type type) |