[PATCH] simplify/fix first_tid()

first_tid: /* If nr exceeds the number of threads there is nothing todo */ if (nr) { if (nr >= get_nr_threads(leader)) goto done; } This is not reliable: sub-threads can exit after this check, so the 'for' loop below can overlap and proc_task_readdir() can return an already filldir'ed dirents. for (; pos && pid_alive(pos); pos = next_thread(pos)) { if (--nr > 0) continue; Off-by-one error, will return 'leader' when nr == 1. This patch tries to fix these problems and simplify the code. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] simplify/fix first_tid()
first_tid: /* If nr exceeds the number of threads there is nothing todo */ if (nr) { if (nr >= get_nr_threads(leader)) goto done; } This is not reliable: sub-threads can exit after this check, so the 'for' loop below can overlap and proc_task_readdir() can return an already filldir'ed dirents. for (; pos && pid_alive(pos); pos = next_thread(pos)) { if (--nr > 0) continue; Off-by-one error, will return 'leader' when nr == 1. This patch tries to fix these problems and simplify the code. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
a872ff0c · Oleg Nesterov · Linus Torvalds · cc288738 · a872ff0c
Commit a872ff0c authored Jun 26, 2006 by Oleg Nesterov Committed by Linus Torvalds Jun 26, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 21 deletions

fs/proc/base.c fs/proc/base.c +17 -21

No files found.
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2227,38 +2227,34 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
 static struct task_struct *first_tid(struct task_struct *leader,
 					int tid, int nr)
 {
-	struct task_struct *pos = NULL;
+	struct task_struct *pos;

 	rcu_read_lock();
 	/* Attempt to start with the pid of a thread */
 	if (tid && (nr > 0)) {
 		pos = find_task_by_pid(tid);
-		if (pos && (pos->group_leader != leader))
-			pos = NULL;
-		if (pos)
-			nr = 0;
+		if (pos && (pos->group_leader == leader))
+			goto found;
 	}

 	/* If nr exceeds the number of threads there is nothing todo */
-	if (nr) {
-		if (nr >= get_nr_threads(leader))
-			goto done;
-	}
+	pos = NULL;
+	if (nr && nr >= get_nr_threads(leader))
+		goto out;

-	/* If we haven't found our starting place yet start with the
-	 * leader and walk nr threads forward.
+	/* If we haven't found our starting place yet start
+	 * with the leader and walk nr threads forward.
 	 */
-	if (!pos && (nr >= 0))
-		pos = leader;
-
-	for (; pos && pid_alive(pos); pos = next_thread(pos)) {
-		if (--nr > 0)
-			continue;
-		get_task_struct(pos);
-		goto done;
+	for (pos = leader; nr > 0; --nr) {
+		pos = next_thread(pos);
+		if (pos == leader) {
+			pos = NULL;
+			goto out;
+		}
 	}
-	pos = NULL;
-done:
+found:
+	get_task_struct(pos);
+out:
 	rcu_read_unlock();
 	return pos;
 }