From: ebiederm@xmission.com (Eric W. Biederman)
To: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andrew Morton <akpm@osdl.org>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] introduce get_task_pid() to fix unsafe get_pid()
References: <20060911022535.GA7095@oleg>
Date: Sun, 10 Sep 2006 21:58:25 -0600
In-Reply-To: <20060911022535.GA7095@oleg> (Oleg Nesterov's message of "Mon, 11
	Sep 2006 06:25:35 +0400")
Message-ID: <m1venvawbi.fsf@ebiederm.dsl.xmission.com>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1152
Lines: 34

Oleg Nesterov <oleg@tv-sign.ru> writes:

> (COMPILE TESTED, needs an ack from Eric)
>
> proc_pid_make_inode:
>
> 	ei->pid = get_pid(task_pid(task));
>
> I think this is not safe. get_pid() can be preempted after checking
> "pid != NULL". Then the task exits, does detach_pid(), and RCU frees
> the pid.

Ugh.  I had forgotten that the pid of a task gets freed even if you
hold a reference to the task struct.  So the preemption case looks possible.

Your technique to handle this problem looks fine.

As for the functions can we build them in all 4 varieties.
struct pid *get_task_pid(struct task *);
struct pid *get_task_tgid(struct task *);
struct pid *get_task_pgrp(struct task *);
struct pid *get_task_session(struct task *);

Functions without a flag are less error prone to use, and clearer to read.

Either that or we can just drop in some rcu_read_lock() rcu_read_unlock()
into the call sites.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/