aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Morton <akpm@osdl.org>2006-03-25 06:07:48 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-03-25 11:22:57 -0500
commit05eeae208d08a05a6980cf2ff61f02843c0955fd (patch)
treebe6c6c4e16cfac07edf437a1f74ef027ada8ccc7
parentc1f5a1944657ba6abe375e3bb2a3238a46849f70 (diff)
[PATCH] find_task_by_pid() needs tasklist_lock
A couple of places are forgetting to take it. The kswapd case is probably unimportant. keventd_create_kthread() was racy. The whole thing is a bit flakey: you start a kernel thread, get its pid from kernel_thread() then look up its task_struct. a) It assumes that pid recycling takes a "long" time. b) We get a task_struct but no reference was taken on it. The owner of the kswapd and kthread task_struct*'s must assume that the new thread won't exit unexpectedly. Because if it does, they're left holding dead memory and any attempt to control or stop that task will crash. Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--kernel/kthread.c2
-rw-r--r--mm/vmscan.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/kernel/kthread.c b/kernel/kthread.c
index 6a5373868a98..c5f3c6613b6d 100644
--- a/kernel/kthread.c
+++ b/kernel/kthread.c
@@ -115,7 +115,9 @@ static void keventd_create_kthread(void *_create)
115 create->result = ERR_PTR(pid); 115 create->result = ERR_PTR(pid);
116 } else { 116 } else {
117 wait_for_completion(&create->started); 117 wait_for_completion(&create->started);
118 read_lock(&tasklist_lock);
118 create->result = find_task_by_pid(pid); 119 create->result = find_task_by_pid(pid);
120 read_unlock(&tasklist_lock);
119 } 121 }
120 complete(&create->done); 122 complete(&create->done);
121} 123}
diff --git a/mm/vmscan.c b/mm/vmscan.c
index fd572bbdc9f5..78865c849f8f 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1356,7 +1356,9 @@ static int __init kswapd_init(void)
1356 1356
1357 pid = kernel_thread(kswapd, pgdat, CLONE_KERNEL); 1357 pid = kernel_thread(kswapd, pgdat, CLONE_KERNEL);
1358 BUG_ON(pid < 0); 1358 BUG_ON(pid < 0);
1359 read_lock(&tasklist_lock);
1359 pgdat->kswapd = find_task_by_pid(pid); 1360 pgdat->kswapd = find_task_by_pid(pid);
1361 read_unlock(&tasklist_lock);
1360 } 1362 }
1361 total_memory = nr_free_pagecache_pages(); 1363 total_memory = nr_free_pagecache_pages();
1362 hotcpu_notifier(cpu_callback, 0); 1364 hotcpu_notifier(cpu_callback, 0);