Oleg Nesterov <oleg at tv-sign.ru> writes:

> On 08/15, Eric W. Biederman wrote:
>>
>> +static inline pid_t pid_nr(struct pid *pid)
>> +{
>> + pid_t nr = 0;
>> + if (pid)
>> + nr = pid->nr;
>> + return nr;
>> +}
>
> I think this is not safe, you need rcu locks here or the caller should
> do some locking.
>
> Let's look at f_getown() (PATCH 7/7). What if the original task which was
> pointed to by ->f_owner.pid has gone, another thread does fcntl(F_SETOWN),
> and pid_nr() takes a preemption after 'if (pid)'? In this case 'pid->nr'
> may follow freed memory.

This isn't an rcu reference. I hold a hard reference count on the pid
entry. So this should be safe.

What is an rcu reference is going from struct pid to the task it points to.

Eric
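Review bot: the lifetime precondition of `pid_nr()` is not documented in the hunk; it dereferences `pid->nr` with no locking, so it is only safe when the caller already holds a reference on the `struct pid` (the reply says f_getown() holds a hard reference count, but nothing in the helper itself says so). Add a comment above the function stating that the caller must hold a reference on `pid`, so that a future caller with only an RCU-protected pointer knows it has to take the rcu read lock rather than rely on the helper.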