On 02/22, Andrew Morton wrote:
>
> Subject: redo locking of tty->pgrp
> From: Alan Cox <[EMAIL PROTECTED]>
>
> Historically tty->pgrp and friends were pid_t and the code "knew" they were
> safe. The change to pid structs opened up a few races and the removal of the
> BKL in places made them quite hittable. We put tty->pgrp under the ctrl_lock
> for the tty.

tiocgpgrp() still does pid_vnr(real_tty->pgrp) lockless, this is not safe, no?
(the same for do_task_stat). It can race with tiocspgrp()->put_pid(real_tty->pgrp)
which can actually free that pid. If this memory is reused, pid_nr_ns() can
(in theory) crash.

Oleg.
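
The race raised in this message, as an added user-space model in C (not kernel code and not part of the original e-mail). The `_m` names, the `freed` flag standing in for the actual free, and the forced interleaving are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model, hypothetical names. "freed" stands in for the real free
 * so the stale access is observable without undefined behaviour. */
struct pid_m { int count; int nr; bool freed; };
struct tty_m { struct pid_m *pgrp; bool ctrl_lock; /* marks the locked region */ };

static struct pid_m *get_pid_m(struct pid_m *p) { p->count++; return p; }

static void put_pid_m(struct pid_m *p)
{
    if (--p->count == 0)
        p->freed = true;           /* last reference gone: memory may be reused */
}

/* Writer (the tiocspgrp() role): swap pgrp under the lock, drop the old ref. */
static void set_pgrp(struct tty_m *tty, struct pid_m *next)
{
    struct pid_m *old;
    tty->ctrl_lock = true;
    old = tty->pgrp;
    tty->pgrp = get_pid_m(next);
    tty->ctrl_lock = false;
    put_pid_m(old);
}

/* Lockless reader: the writer can run between the load and the dereference. */
static int read_lockless(struct tty_m *tty, struct pid_m *next)
{
    struct pid_m *p = tty->pgrp;   /* unpinned pointer */
    set_pgrp(tty, next);           /* constructed interleaving: writer runs here */
    return p->freed ? -1 : p->nr;  /* -1: reader would touch freed memory */
}

/* Pinned reader: take a reference under ctrl_lock, use it after unlocking. */
static int read_pinned(struct tty_m *tty, struct pid_m *next)
{
    struct pid_m *p;
    int nr;
    tty->ctrl_lock = true;
    p = get_pid_m(tty->pgrp);
    tty->ctrl_lock = false;
    set_pgrp(tty, next);           /* writer can only run once the lock is dropped */
    nr = p->freed ? -1 : p->nr;
    put_pid_m(p);                  /* the reader's put is now the final one */
    return nr;
}

/* Run one reader against a fresh tty; returns what the reader observed. */
static int run(bool pinned)
{
    struct pid_m old = { 1, 100, false }, next = { 1, 200, false };
    struct tty_m tty = { &old, false };
    return pinned ? read_pinned(&tty, &next) : read_lockless(&tty, &next);
}

int main(void) { printf("lockless=%d pinned=%d\n", run(false), run(true)); return 0; }
```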

