On Wed, Mar 7, 2012 at 9:08 PM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> Once again. You have the task_struct *task. It exits,
> but task->thread_group->next still points to another thread T. Now suppose
> that T exits too. But task->thread_group->next was not changed, it still
> points to T. RCU grace period passes, T is freed.
>
> After that you take rcu_read_lock(), but it is too late! ->next points to
> the already freed/reused memory. How can list_first_entry_rcu() help?

Ahh, I completely misunderstood your point. Thanks for the detailed
explanation.

> And. Imho it is not good to have the (afaics exactly?) same code in
> mm/nommu.c, even with the same names. Why is it not possible to make
> a single definition?

Yes, it is the same code. I put the code in both memory.c and nommu.c
because I thought they fit in there logically. I can find a common place
for it.

--
Siddhesh Poyarekar
http://siddhesh.in
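The hazard Oleg describes above, as an added single-threaded C model that is not part of the thread or of the kernel: `struct task`, the list helpers, `rcu_read_lock()` and `synchronize_rcu()` are all simplified stand-ins (a "freed" node is poisoned rather than returned to an allocator, and the grace period is a counter check). `scenario_lock_too_late()` replays the exact sequence in the quote: `task` has exited and been unlinked but is still referenced, `T` exits and a grace period passes, and only then does the caller enter `rcu_read_lock()` and follow `task->next`. The other two functions are the contrasting cases the RCU list contract relies on: the reader is inside the critical section before `T` goes away, or the walk starts from a list head that is still live.

```c
/* Toy model of the stale ->next hazard. Constructed illustration code,
 * not kernel code: every name here is a simplified stand-in. */
#include <assert.h>
#include <stdio.h>

#define POISON_PID (-1)   /* constructed: what a freed/reused node reads as */

struct task {
    int pid;
    struct task *next;    /* stands in for task->thread_group.next */
    struct task *prev;
};

struct rcu_model {
    int readers;              /* active rcu_read_lock() sections */
    struct task *pending[8];  /* nodes waiting for a grace period */
    int npending;
};

static void rcu_read_lock(struct rcu_model *m)   { m->readers++; }
static void rcu_read_unlock(struct rcu_model *m) { m->readers--; }

static void list_init(struct task *head) { head->next = head->prev = head; }

static void list_add_tail(struct task *t, struct task *head) {
    t->prev = head->prev; t->next = head;
    head->prev->next = t; head->prev = t;
}

/* Like list_del_rcu(): unlink and poison ->prev, but leave ->next intact so
 * a reader that already reached this node can finish its walk. */
static void list_del_rcu(struct task *t) {
    t->prev->next = t->next;
    t->next->prev = t->prev;
    t->prev = NULL;
}

static void call_rcu_free(struct rcu_model *m, struct task *t) {
    m->pending[m->npending++] = t;
}

/* A grace period can only end once no reader is inside a critical section;
 * afterwards the deferred nodes are "freed" (here: poisoned). */
static void synchronize_rcu(struct rcu_model *m) {
    assert(m->readers == 0);
    for (int i = 0; i < m->npending; i++) {
        m->pending[i]->pid = POISON_PID;
        m->pending[i]->next = NULL;
    }
    m->npending = 0;
}

/* Thread group {task, T, U}; task has exited and is unlinked, but the
 * caller's reference keeps its memory allocated, so task->next == &T. */
static void setup(struct task *head, struct task *task, struct task *T, struct task *U) {
    list_init(head);
    task->pid = 100; T->pid = 101; U->pid = 102;
    list_add_tail(task, head); list_add_tail(T, head); list_add_tail(U, head);
    list_del_rcu(task);
}

/* The sequence from the thread: T exits and a grace period passes before
 * rcu_read_lock() is entered; following task->next then reads freed memory. */
int scenario_lock_too_late(void) {
    struct rcu_model m = {0};
    struct task head, task, T, U;
    setup(&head, &task, &T, &U);
    list_del_rcu(&T);
    call_rcu_free(&m, &T);
    synchronize_rcu(&m);          /* T is gone; task.next still == &T */
    rcu_read_lock(&m);
    int pid = task.next->pid;     /* POISON_PID: stale pointer */
    rcu_read_unlock(&m);
    return pid;
}

/* Same walk with rcu_read_lock() entered before T exits: the grace period
 * cannot complete while the reader is inside, so &T is still valid. */
int scenario_lock_in_time(void) {
    struct rcu_model m = {0};
    struct task head, task, T, U;
    setup(&head, &task, &T, &U);
    rcu_read_lock(&m);
    list_del_rcu(&T);
    call_rcu_free(&m, &T);
    int pid = task.next->pid;     /* 101: memory not yet reclaimed */
    rcu_read_unlock(&m);
    synchronize_rcu(&m);          /* only now may T be freed */
    return pid;
}

/* Starting the walk from a list head that is still live, inside the
 * critical section, never dereferences the exited task's ->next. */
int scenario_walk_from_live_head(void) {
    struct rcu_model m = {0};
    struct task head, task, T, U;
    setup(&head, &task, &T, &U);
    list_del_rcu(&T);
    call_rcu_free(&m, &T);
    synchronize_rcu(&m);
    rcu_read_lock(&m);
    struct task *first = head.next;
    int pid = (first == &head) ? 0 : first->pid;   /* 102 */
    rcu_read_unlock(&m);
    return pid;
}

int main(void) {
    printf("lock too late: %d\n", scenario_lock_too_late());
    printf("lock in time:  %d\n", scenario_lock_in_time());
    printf("from head:     %d\n", scenario_walk_from_live_head());
    return 0;
}
```

The model makes the ordering explicit: `rcu_read_lock()` only protects memory whose grace period has not yet elapsed when the lock is taken, and a pointer loaded from a node that has itself been unlinked is outside that protection no matter which list accessor is used afterwards.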