From: Oleg Nesterov
To: Jiri Slaby
Cc: paulmck@linux.vnet.ibm.com, linux-kernel@vger.kernel.org, mingo@elte.hu, laijs@cn.fujitsu.com, dipankar@in.ibm.com, akpm@linux-foundation.org, mathieu.desnoyers@polymtl.ca, josh@joshtriplett.org, dvhltc@us.ibm.com, niv@us.ibm.com, tglx@linutronix.de, peterz@infradead.org, rostedt@goodmis.org, Valdis.Kletnieks@vt.edu, dhowells@redhat.com, eric.dumazet@gmail.com, jmorris@namei.org
Date: Fri, 10 Sep 2010 00:15:55 +0200
Subject: Re: [PATCH RFC] pid: make setpgid() system call use RCU read-side critical section
Message-ID: <20100909221555.GB6273@redhat.com>
In-Reply-To: <4C7C0BAB.3000709@suse.cz>
References: <20100830172631.GA11868@linux.vnet.ibm.com> <4C7C0BAB.3000709@suse.cz>

On 08/30, Jiri Slaby wrote:
>
> Ccing Oleg.

Sorry for the delay...

> > --- a/kernel/sys.c
> > +++ b/kernel/sys.c
> > @@ -938,6 +938,7 @@ SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid)
> >  	write_lock_irq(&tasklist_lock);
> >
> >  	err = -ESRCH;
> > +	rcu_read_lock();
> >  	p = find_task_by_vpid(pid);
>
> AFAICT the missing lock doesn't harm due to the write_lock of tasklist
> above. But it is probably a good thing to do anyway.

The problem is, find_task_by_vpid() is not safe without RCU. It is not
that the returned task_struct can't go away, find_pid_ns() itself is not
safe. This is because the failing copy_process() calls free_pid() without
tasklist_lock and modifies the pid_hash[] list.

Oleg.
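Review bot: the rcu_read_unlock() that pairs with the rcu_read_lock() added just before `p = find_task_by_vpid(pid);` is not in this hunk's context, so the rest of the patch needs checking for a matching unlock on every exit from this block, including the failure path where err stays -ESRCH because the lookup returned NULL. A one-line comment above the new call would also help: under write_lock_irq(&tasklist_lock) the lock reads as redundant (that is exactly the reading in the quoted reply), while the reason it is needed, that find_pid_ns() walks pid_hash[], which free_pid() from a failing copy_process() modifies without tasklist_lock, is only stated in this mail and not in the code.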