Walking a wait_queue_t list of tasks blocked on pipe

W. Michael Petullo mike at flyn.org
Tue Jan 12 22:13:35 EST 2016

I am trying to walk a wait_queue_t list as part of a LSM file_permission
function. The purpose is to act on each task which has blocked while
trying to read from a pipe.

I have modeled my code on __wake_up_common() in kernel/sched/core.c,
and it looks something like this:

	if (i_pipe->reader <= 0) {

	list_for_each_entry_safe(curr, next, &i_pipe->wait.task, task_list) {
		struct task_struct *blocked = curr->private;

I have tried to wrap this with:

	spin_lock_irqsave(&i_pipe->wait.lock, flags)

and also:


Despite this, I sometimes find that blocked (AKA curr->private) == NULL
during an iteration of the list_for_each_entry_safe loop, and this
surprises me. Why would there be an entry in the wait_queue_t list which
does not have a process associated with it? Is the data structure moving
out from under me? Is there something else I should lock?
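
An added example, not part of the original message and not kernel code: a userspace model of the walk that checks each entry's func before treating private as a task_struct, since entries set up with init_waitqueue_func_entry() (as poll and epoll do) start with private == NULL and carry a callback rather than a sleeping task. The struct layout mirrors the wait_queue_t of that era; task_wake_model, callback_wake_model, queue_add, collect_blocked and demo are hypothetical names.

```c
#include <stddef.h>

/* Userspace model of the wait-queue types; constructed, not kernel code. */
struct list_head { struct list_head *next, *prev; };
struct task_struct { int pid; };
typedef struct wait_queue wait_queue_t;
typedef int (*wait_queue_func_t)(wait_queue_t *, unsigned, int, void *);
struct wait_queue {
	unsigned int flags;
	void *private;              /* a task only for task-style waiters */
	wait_queue_func_t func;
	struct list_head task_list;
};

/* Stand-ins: a sleeping task's wake function and a callback-style waiter. */
static int task_wake_model(wait_queue_t *w, unsigned m, int s, void *k)
{ (void)w; (void)m; (void)s; (void)k; return 1; }
static int callback_wake_model(wait_queue_t *w, unsigned m, int s, void *k)
{ (void)w; (void)m; (void)s; (void)k; return 0; }

static void queue_add(struct list_head *head, wait_queue_t *w)
{
	w->task_list.next = head->next;
	w->task_list.prev = head;
	head->next->prev = &w->task_list;
	head->next = &w->task_list;
}

/* Collect pids of entries that really hold a task; skip everything else. */
static int collect_blocked(struct list_head *head, int *pids, int max)
{
	struct list_head *p;
	int n = 0;
	for (p = head->next; p != head; p = p->next) {
		wait_queue_t *curr = (wait_queue_t *)((char *)p - offsetof(wait_queue_t, task_list));
		if (curr->func != task_wake_model || curr->private == NULL)
			continue;   /* callback waiter: private is NULL or not a task */
		if (n < max)
			pids[n++] = ((struct task_struct *)curr->private)->pid;
	}
	return n;
}

/* Constructed queue: one sleeping reader, one NULL-private and one non-task entry. */
static int demo(int *pids, int max)
{
	struct list_head head = { &head, &head };
	struct task_struct reader = { 4242 };
	int cookie = 0;
	wait_queue_t a = { 0, &reader, task_wake_model, { 0, 0 } };
	wait_queue_t b = { 0, NULL, callback_wake_model, { 0, 0 } };
	wait_queue_t c = { 0, &cookie, callback_wake_model, { 0, 0 } };
	queue_add(&head, &a); queue_add(&head, &b); queue_add(&head, &c);
	return collect_blocked(&head, pids, max);
}
```

In the model, the third entry shows why a NULL check alone is not enough: its private is non-NULL but does not point at a task.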

