diff options
| author | Oleg Nesterov <oleg@redhat.com> | 2014-12-10 15:45:24 -0800 |
|---|---|---|
| committer | Moyster <oysterized@gmail.com> | 2019-05-02 18:24:58 +0200 |
| commit | bc57f59f8c2467f18622bdbbbb0bda515b5a9581 (patch) | |
| tree | 249d9aa8602fd74744dbd34a57aab7b683e9b075 | |
| parent | 459212c491c4e05eebc169ff1c487f40d15d04f1 (diff) | |
exit: reparent: use ->ptrace_entry rather than ->sibling for EXIT_DEAD tasks
reparent_leader() reuses ->sibling as a list node to add an EXIT_DEAD task
into dead_children list we are going to release. This obviously removes
the dead task from its real_parent->children list and this is even good;
the parent can do nothing with the EXIT_DEAD reparented zombie, it only
makes do_wait() slower.
But, this also means that it can not be reparented once again, so if its
new parent dies too nobody will update ->parent/real_parent, they can
point to the freed memory even before release_task() we are going to call,
this breaks the code which relies on pid_alive() to access
->real_parent/parent.
Fortunately this is mostly theoretical, this can only happen if init or
PR_SET_CHILD_SUBREAPER process ignores SIGCHLD and the new parent
sub-thread exits right after we drop tasklist_lock.
Change this code to use ->ptrace_entry instead, we know that the child is
not traced so nobody can ever use this member. This also allows to unify
this logic with exit_ptrace(), see the next changes.
Note: we really need to change release_task() to nullify real_parent/
parent/group_leader pointers, but we need to change the current users
first somehow. And it would be better to reap this zombie immediately but
release_task_locked() we need is complicated by proc_flush_task().
Change-Id: I81889ce9d296b5efa1afb47a9fa2f45d8ed1bb9a
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Aaron Tomlin <atomlin@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Cc: Sterling Alexander <stalexan@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Roland McGrath <roland@hack.frob.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | kernel/exit.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/exit.c b/kernel/exit.c index a35e99416..ff9188af7 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -551,7 +551,7 @@ static void reparent_leader(struct task_struct *father, struct task_struct *p, p->exit_state == EXIT_ZOMBIE && thread_group_empty(p)) { if (do_notify_parent(p, p->exit_signal)) { p->exit_state = EXIT_DEAD; - list_move_tail(&p->sibling, dead); + list_add(&p->ptrace_entry, dead); } } @@ -590,8 +590,8 @@ static void forget_original_parent(struct task_struct *father) BUG_ON(!list_empty(&father->children)); - list_for_each_entry_safe(p, n, &dead_children, sibling) { - list_del_init(&p->sibling); + list_for_each_entry_safe(p, n, &dead_children, ptrace_entry) { + list_del_init(&p->ptrace_entry); release_task(p); } } |