diff options
author | Oleg Nesterov <oleg@redhat.com> | 2014-01-24 00:55:38 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-24 01:37:01 +0100 |
commit | c986c14a6a88427946dc77d7018a81b95b3d41b6 (patch) | |
tree | af9183f50ca1b002745a491f5d9bc1f2d4b84c78 | |
parent | proc: fix the potential use-after-free in first_tid() (diff) | |
download | linux-c986c14a6a88427946dc77d7018a81b95b3d41b6.tar.xz linux-c986c14a6a88427946dc77d7018a81b95b3d41b6.zip |
proc: change first_tid() to use while_each_thread() rather than next_thread()
Rerwrite the main loop to use while_each_thread() instead of
next_thread(). We are going to fix or replace while_each_thread(),
next_thread() should be avoided whenever possible.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Sameer Nanda <snanda@chromium.org>
Cc: Sergey Dyasly <dserrg@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/proc/base.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index f223a56e613c..be8e17cabfc7 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -3106,23 +3106,23 @@ static struct task_struct *first_tid(struct task_struct *leader, } /* If nr exceeds the number of threads there is nothing todo */ - pos = NULL; if (nr && nr >= get_nr_threads(leader)) - goto out; + goto fail; /* It could be unhashed before we take rcu lock */ if (!pid_alive(leader)) - goto out; + goto fail; /* If we haven't found our starting place yet start * with the leader and walk nr threads forward. */ - for (pos = leader; nr > 0; --nr) { - pos = next_thread(pos); - if (pos == leader) { - pos = NULL; - goto out; - } - } + pos = leader; + do { + if (nr-- <= 0) + goto found; + } while_each_thread(leader, pos); +fail: + pos = NULL; + goto out; found: get_task_struct(pos); out: |