[PATCH OLK-6.6] bpf-rvi: pidns: fix null-pointer-dereference in pidns_update_load_tasks

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/ICTJEE

--------------------------------

During the process of exiting, __unhash_process() first calls detach_pid() to set the thread_pid of the process to null, and then removes the node from the process list. There is a concurrency scenario, if process A is in the process of exiting, and process B happens to traverse the process list just as the thread_pid of the process node has been set to null, but the node has not yet been deleted. This leads to a null pointer dereference issue.

Fix this issue by adding a read lock before traversing the process list.

Fixes: d758abf3762c ("bpf-rvi: pidns: Calculate loadavg for each pid namespace")
Signed-off-by: Gu Bowen <gubowen5@huawei.com>
--- kernel/pid_namespace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index a7e6aa2788ef..b321c02f382e 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -551,6 +551,7 @@ static void pidns_update_load_tasks(void) struct task_struct *p, *t; rcu_read_lock(); + read_lock(&tasklist_lock); for_each_process_thread(p, t) { // exists for sure, don't need get_pid_ns() struct pid_namespace *pidns = task_active_pid_ns(t); @@ -565,6 +566,7 @@ static void pidns_update_load_tasks(void) pidns = pidns->parent; } } + read_unlock(&tasklist_lock); rcu_read_unlock(); } -- 2.43.0
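
Review bot: The read_lock(&tasklist_lock) added before for_each_process_thread() holds the global tasklist lock across a walk of every thread plus the inner pidns = pidns->parent loop, which is a heavy price for a load-average update. Since the race is described as thread_pid being NULL on a task that is still on the list, consider checking the result of task_active_pid_ns(t) for NULL and skipping that task with continue, which keeps the walk under the existing rcu_read_lock() alone. If the lock stays, please say in the commit message why RCU is not sufficient here, and update the context comment "exists for sure, don't need get_pid_ns()", which the race described in the commit message now contradicts.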

FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully!
Pull request link: https://gitee.com/openeuler/kernel/pulls/17671
Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/ZPC...