wait_task_stopped() must not just return 0 when it has

released the tasklist_lock. Since it released the lock, the process lists may not be valid any more, and we must repeat the loop rather than continue with the next parent. Use -EAGAIN to show this condition (separate from the normal -EFAULT that may happen if rusage information could not be copied to user space).

wait_task_stopped() must not just return 0 when it has
released the tasklist_lock. Since it released the lock, the process lists may not be valid any more, and we must repeat the loop rather than continue with the next parent. Use -EAGAIN to show this condition (separate from the normal -EFAULT that may happen if rusage information could not be copied to user space).
56b4c820 · Linus Torvalds · 73d7a5fa · 56b4c820
Commit 56b4c820 authored Nov 08, 2004 by Linus Torvalds
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 2 deletions

kernel/exit.c kernel/exit.c +11 -2

No files found.
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1201,8 +1201,15 @@ static int wait_task_stopped(task_t *p, int delayed_group_leader, int noreap,
 		write_unlock_irq(&tasklist_lock);
 bail_ref:
 		put_task_struct(p);
-		read_lock(&tasklist_lock);
-		return 0;
+		/*
+		 * We are returning to the wait loop without having successfully
+		 * removed the process and having released the lock. We cannot
+		 * continue, since the "p" task pointer is potentially stale.
+		 *
+		 * Return -EAGAIN, and do_wait() will restart the loop from the
+		 * beginning. Do _not_ re-acquire the lock.
+		 */
+		return -EAGAIN;
 	}

 	/* move to end of parent's list to avoid starvation */
@@ -1343,6 +1350,8 @@ static long do_wait(pid_t pid, int options, struct siginfo __user *infop,
 							   (options & WNOWAIT),
 							   infop,
 							   stat_addr, ru);
+				if (retval == -EAGAIN)
+					goto repeat;
 				if (retval != 0) /* He released the lock.  */
 					goto end;
 				break;