[PATCH] sys_getppid oopses on debug kernel (6997a6fa) · Commits · e / devices / android_kernel_fairphone_FP4

kernel/timer.c

+7 −34

Original line number	Diff line number	Diff line
		@@ -1324,46 +1324,19 @@ asmlinkage long sys_getpid(void)
		}

		/*
		* Accessing ->group_leader->real_parent is not SMP-safe, it could
		* change from under us. However, rather than getting any lock
		* we can use an optimistic algorithm: get the parent
		* pid, and go back and check that the parent is still
		* the same. If it has changed (which is extremely unlikely
		* indeed), we just try again..
		*
		* NOTE! This depends on the fact that even if we _do_
		* get an old value of "parent", we can happily dereference
		* the pointer (it was and remains a dereferencable kernel pointer
		* no matter what): we just can't necessarily trust the result
		* until we know that the parent pointer is valid.
		*
		* NOTE2: ->group_leader never changes from under us.
		* Accessing ->real_parent is not SMP-safe, it could
		* change from under us. However, we can use a stale
		* value of ->real_parent under rcu_read_lock(), see
		* release_task()->call_rcu(delayed_put_task_struct).
		*/
		asmlinkage long sys_getppid(void)
		{
		int pid;
		struct task_struct *me = current;
		struct task_struct *parent;

		parent = me->group_leader->real_parent;
		for (;;) {
		pid = parent->tgid;
		#if defined(CONFIG_SMP) \|\| defined(CONFIG_PREEMPT)
		{
		struct task_struct *old = parent;
		rcu_read_lock();
		pid = rcu_dereference(current->real_parent)->tgid;
		rcu_read_unlock();

		/*
		* Make sure we read the pid before re-reading the
		* parent pointer:
		*/
		smp_rmb();
		parent = me->group_leader->real_parent;
		if (old != parent)
		continue;
		}
		#endif
		break;
		}
		return pid;
		}