[PATCH] Fix /proc access to dead thread group list oops

The pid_alive() check within the loop is incorrect.  If we are within
the tasklist lock and the thread group leader is valid then the thread
chain will be fully intact.

Instead, the check should be _outside_ the loop, since if the group
leader no longer exists, the whole list is gone and we must not try
to access it.

Move the check around, and add comment.

Bug-hunting and fix by Srivatsa Vaddagiri

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 3cc64eb275b1d7535c300de1ceaae249f6b17112..9da127ff6c4ff812d2a930c6b494a4c5bfe10317 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1666,10 +1666,14 @@ static int get_tid_list(int index, unsigned int *tids, struct inode *dir)
 
        index -= 2;
        read_lock(&tasklist_lock);
-       do {
+       /*
+        * The starting point task (leader_task) might be an already
+        * unlinked task, which cannot be used to access the task-list
+        * via next_thread().
+        */
+       if (pid_alive(task)) do {
                int tid = task->pid;
-               if (!pid_alive(task))
-                       continue;
+
                if (--index >= 0)
                        continue;
                tids[nr_tids] = tid;