On 2018/10/26 23:39, Oleg Nesterov wrote:
> On 10/26, Tetsuo Handa wrote:
>> Suppose p1 == p2->real_parent and p2 == p3->real_parent, and p1 exited
>> when someone tried to attach on p2, p2->real_parent was pointing to already
>> (or about to be) freed p1.
>
> I don't see a difference.
>
> If p1 exits it will re-parent p2, p2->real_parent will be updated.
>
>> So, the puzzle part is why p2->real_parent was still pointing to p1 even after
>> p1 was freed...
>
> I don't understand the question.
>
> Once again. TASK->real_parent can point to the freed mem only if a) TASK exits,
> and b) _after_ that its parent TASK->real_parent exits too.

Oh, p2 exited and then p1 also exited when someone tried to attach on p2.
Then, p2->real_parent can point to already (or about to be) freed p1.

>>> Again, did you read my previous email?
>>
>> Yes. But I still can't be convinced that pid_alive() test helps.
>
> Well, I don't understand which part of my explanations is not clear to you.

OK. Checking pid_alive() should help.

(By the way, if p->real_parent were updated to point to init_task when p exits,
we could omit the pid_alive() check?)