From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 13 Jan 2016 22:30:19 -0500
From: "W. Michael Petullo"
To: linux-kernel@vger.kernel.org
Subject: Walking a wait_queue_t list of tasks blocked on pipe
Message-ID: <20160114033019.GA11746@imp.flyn.org>

I am trying to write code to walk a wait_queue_t list as part of an LSM
file_permission function. The purpose is to act on each task which has
blocked while trying to read from a pipe. I modeled my code on
__wake_up_common() in kernel/sched/core.c, and it looks something like
this:

	// i_pipe is a struct pipe_inode_info *
	if (i_pipe->reader <= 0) {
		return;
	}

	list_for_each_entry_safe(curr, next, &i_pipe->wait.task, task_list) {
		[...]
		struct task_struct *blocked = curr->private;
		[...]
	}

I am not updating the list itself. I am merely setting a value within
each task_struct's security object.

I have tried to wrap my code with this:

	pipe_lock(i_pipe)
	pipe_unlock[...]

this:

	write_lock_irq(&tasklist_lock)
	write_unlock_irq[...]

and also this:

	spin_lock_irqsave(&i_pipe->wait.lock, flags)
	spin_unlock_irqrestore[...]

Despite these locks, I sometimes find that blocked (AKA curr->private)
== NULL during an iteration of the list_for_each_entry_safe loop, and
this surprises me. Some memory corruption errors also seem to indicate
that sometimes blocked contains an invalid pointer other than NULL.

Why would there be an entry in the wait_queue_t list which does not have
a process associated with it? Is the data structure moving out from
under me? Is there something else I should lock?

Thank you,

-- 
Mike

:wq