On 10/09, Andrew Morton wrote:
>
> > @@ -240,17 +230,11 @@ void zap_pid_ns_processes(struct pid_namespace
> > *pid_ns)
> > *
> > */
> > read_lock(&tasklist_lock);
> > - nr = next_pidmap(pid_ns, 1);
> > - while (nr > 0) {
> > - rcu_read_lock();
> > -
> > - task = pid_task(find_vpid(nr), PIDTYPE_PID);
> > + nr = 2;
> > + idr_for_each_entry_continue(&pid_ns->idr, pid, nr) {
> > + task = pid_task(pid, PIDTYPE_PID);
> > if (task && !__fatal_signal_pending(task))
> > send_sig_info(SIGKILL, SEND_SIG_FORCED, task);
> > -
> > - rcu_read_unlock();
> > -
> > - nr = next_pidmap(pid_ns, nr);
> > }
> > read_unlock(&tasklist_lock);
>
> Especially here. I don't think pidmap_lock is held. Is that IDR
> iteration safe?
Yes, this doesn't look right, we need rcu_read_lock() or pidmap_lock.
And, we also need rcu_read_lock() for another reason, to protect "struct pid".
Gargi, I suggested to use idr_for_each_entry_continue(), but now I am wondering
if we should use idr_for_each() instead. IIUC this would be a bit faster? Not
that I think this is really important...
Oleg.
