On Fri, Aug 30, 2002 at 09:06:38AM +0200, Ingo Molnar wrote:
>
> On Thu, 29 Aug 2002, Christian Ehrhardt wrote:
>
> > sys_sched_setaffinity, lines:
> > 1571 get_task_struct(p);
> > 1572 read_unlock(&tasklist_lock);
>
> > Line 1571 calls get_task_struct because the task might exit during the
> > syscall. Suppose that this is exactly what happens. This means that line
> > 1583 will effectivly free the task. But set_cpus_allowed stuffed a
> > pointer to the task into a request struct without incrementing the usage
> > count of the task struct.
>
> note that the scenario you describe is not possible, because
> set_cpus_allowed() will wait for the migration thread to do its work - so
> the put_task_struct can never come before the last use of the task
> structure. See the 'down(&req.sem)' in set_cpus_allowed(), and the
> up(&req->sem) in migration_thread().
Agreed. Is there anything that prevents the other scenario described
in the original mail, i.e. sys_wait frees the task struct before the
task finally scheduled away? There used to be a lock_kernel in sys_wait
and sys_exit to make sure this doesn't happen but it is gone in 2.5.
regards Christian
-- THAT'S ALL FOLKS! - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Aug 31 2002 - 22:00:33 EST