On 08/15, Eric W. Biederman wrote:
>
> +static inline pid_t pid_nr(struct pid *pid)
> +{
> +	pid_t nr = 0;
> +	if (pid)
> +		nr = pid->nr;
> +	return nr;
> +}

I think this is not safe, you need rcu locks here or the caller should do some locking.

Let's look at f_getown() (PATCH 7/7). What if the original task which was pointed to by ->f_owner.pid has gone, another thread does fcntl(F_SETOWN), and pid_nr() takes a preemption after 'if (pid)'? In this case 'pid->nr' may follow freed memory.

Oleg.
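Review bot: pid_nr() loads pid->nr with no locking of its own and no comment stating what keeps @pid alive; the 'if (pid)' check only guards against NULL, not against the struct pid being freed between the check and the 'nr = pid->nr' load. Add a comment above the function saying the caller must hold rcu_read_lock() or a reference on the struct pid for the duration of the call, and make sure callers such as f_getown() in 7/7 hold that protection across both the ->f_owner.pid load and the pid_nr() call rather than just around the load.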