2013-09-20 16:37:48

by Dave Jones

Subject: do_wait: Add missing tasklist unlocking in error paths.

It looks like both 64a16caf5, and 98abed020 both introduced error paths to do_wait
where we miss unlocking the tasklist.

Spotted with coverity.

Signed-off-by: Dave Jones <[email protected]>

diff --git a/kernel/exit.c b/kernel/exit.c
index a949819..27004a6 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1526,13 +1526,15 @@ repeat:
tsk = current;
do {
retval = do_wait_thread(wo, tsk);
- if (retval)
+ if (retval) {
+ read_unlock(&tasklist_lock);
goto end;
-
+ }
retval = ptrace_do_wait(wo, tsk);
- if (retval)
+ if (retval) {
+ read_unlock(&tasklist_lock);
goto end;
-
+ }
if (wo->wo_flags & __WNOTHREAD)
break;
} while_each_thread(current, tsk);
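
Review bot: The read_unlock(&tasklist_lock) added inside `if (retval)` after do_wait_thread(), and again after ptrace_do_wait(), is only correct if those callees return non-zero with tasklist_lock still held, and neither the hunk nor the commit message shows a return path where that is the case. If a callee has already dropped the lock before returning non-zero, each of these branches unlocks it a second time before `goto end`. Please name the specific callee path that returns non-zero with the lock held in the commit message, or drop the unlocks and add a comment at the two call sites stating that a non-zero return means the lock has already been released.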


2013-09-20 16:48:06

by Oleg Nesterov

Subject: Re: do_wait: Add missing tasklist unlocking in error paths.

On 09/20, Dave Jones wrote:
>
> It looks like both 64a16caf5, and 98abed020 both introduced error paths to do_wait
> where we miss unlocking the tasklist.
>
> Spotted with coverity.

Not really, afaics.

> --- a/kernel/exit.c
> +++ b/kernel/exit.c
> @@ -1526,13 +1526,15 @@ repeat:
> tsk = current;
> do {
> retval = do_wait_thread(wo, tsk);
> - if (retval)
> + if (retval) {
> + read_unlock(&tasklist_lock);

note that do_wait_thread() paths should drop tasklist if it returns non-zero.

Oleg.

2013-09-20 17:03:32

by Dave Jones

Subject: Re: do_wait: Add missing tasklist unlocking in error paths.

On Fri, Sep 20, 2013 at 06:41:44PM +0200, Oleg Nesterov wrote:
> On 09/20, Dave Jones wrote:
> >
> > It looks like both 64a16caf5, and 98abed020 both introduced error paths to do_wait
> > where we miss unlocking the tasklist.
> >
> > Spotted with coverity.
>
> Not really, afaics.
>
> > --- a/kernel/exit.c
> > +++ b/kernel/exit.c
> > @@ -1526,13 +1526,15 @@ repeat:
> > tsk = current;
> > do {
> > retval = do_wait_thread(wo, tsk);
> > - if (retval)
> > + if (retval) {
> > + read_unlock(&tasklist_lock);
>
> note that do_wait_thread() paths should drop tasklist if it returns non-zero.

Ah, I missed the unlock in wait_task_continued.

I'm not sure why the checker didn't infer that. Perhaps it thinks it's possible we
can take one of the early returns in that function before we do the tasklist unlock.

thanks,

Dave
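
The locking contract discussed in this thread, as an added userspace model in C (not kernel code and not code from any of the posters): the `toy_*` names, the counter-based lock and the return value 42 are constructed for illustration. It shows that when the callee drops the lock on every non-zero return, an extra unlock in the caller's `if (retval)` branch leaves the lock unbalanced, while the zero-return early exit is unaffected.

```c
#include <stdio.h>

/* Toy reader lock: counts holders and records unlocks with no holder. */
struct toy_rwlock { int readers; int underflows; };

static void toy_read_lock(struct toy_rwlock *l) { l->readers++; }
static void toy_read_unlock(struct toy_rwlock *l)
{
    if (l->readers == 0)
        l->underflows++;            /* unlock of a lock nobody holds */
    else
        l->readers--;
}

/* Hypothetical callee following the contract stated in the thread:
 * return 0 -> nothing to report, lock still held by the caller;
 * non-zero -> lock already dropped before returning. */
static int toy_wait_thread(struct toy_rwlock *l, int found)
{
    if (!found)
        return 0;                   /* early return, lock untouched */
    toy_read_unlock(l);
    return 42;                      /* constructed non-zero result */
}

/* Caller shaped like the hunk; extra_unlock=1 models the proposed change. */
static int toy_do_wait(struct toy_rwlock *l, int found, int extra_unlock)
{
    int retval;

    toy_read_lock(l);
    retval = toy_wait_thread(l, found);
    if (retval) {
        if (extra_unlock)
            toy_read_unlock(l);     /* second unlock on the same path */
        return retval;
    }
    toy_read_unlock(l);             /* zero return: caller still owns it */
    return 0;
}

/* 0 means balanced; counts both leaked holds and stray unlocks. */
int lock_imbalance(int found, int extra_unlock)
{
    struct toy_rwlock l = { 0, 0 };
    toy_do_wait(&l, found, extra_unlock);
    return l.readers + l.underflows;
}

int main(void) { printf("%d %d\n", lock_imbalance(1, 0), lock_imbalance(1, 1)); return 0; }
```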