> sys_sched_setaffinity, lines:
> 1571 get_task_struct(p);
> 1572 read_unlock(&tasklist_lock);
> Line 1571 calls get_task_struct because the task might exit during the
> syscall. Suppose that this is exactly what happens. This means that line
> 1583 will effectivly free the task. But set_cpus_allowed stuffed a
> pointer to the task into a request struct without incrementing the usage
> count of the task struct.
note that the scenario you describe is not possible, because
set_cpus_allowed() will wait for the migration thread to do its work - so
the put_task_struct can never come before the last use of the task
structure. See the 'down(&req.sem)' in set_cpus_allowed(), and the
up(&req->sem) in migration_thread().
Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/