[PATCH] Fix /proc access to dead thread group list oops

The pid_alive() check within the loop is incorrect. If we are within the tasklist lock and the thread group leader is valid then the thread chain will be fully intact. Instead, the check should be _outside_ the loop, since if the group leader no longer exists, the whole list is gone and we must not try to access it. Move the check around, and add comment. Bug-hunting and fix by Srivatsa Vaddagiri

[PATCH] Fix /proc access to dead thread group list oops
The pid_alive() check within the loop is incorrect. If we are within the tasklist lock and the thread group leader is valid then the thread chain will be fully intact. Instead, the check should be _outside_ the loop, since if the group leader no longer exists, the whole list is gone and we must not try to access it. Move the check around, and add comment. Bug-hunting and fix by Srivatsa Vaddagiri
2452eef0 · Ingo Molnar · Linus Torvalds · 4d878fe3 · 2452eef0
Commit 2452eef0 authored Dec 02, 2003 by Ingo Molnar Committed by Linus Torvalds Dec 02, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

fs/proc/base.c fs/proc/base.c +7 -3

No files found.
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1666,10 +1666,14 @@ static int get_tid_list(int index, unsigned int *tids, struct inode *dir)
 	index -= 2;
 	read_lock(&tasklist_lock);
-	do {
+	/*
+	 * The starting point task (leader_task) might be an already
+	 * unlinked task, which cannot be used to access the task-list
+	 * via next_thread().
+	 */
+	if (pid_alive(task)) do {
 		int tid = task->pid;
-		if (!pid_alive(task))
-			continue;
 		if (--index >= 0)
 			continue;
 		tids[nr_tids] = tid;