From: Oleg Nesterov <oleg@tv-sign.ru>

On 11/24, Oleg Nesterov wrote:
>
> -		if (!flag) {
> +		if (flag)
> +			continue;

This "last obvious cleanup right before sending the patch" is terribly wrong,
we can't continue, we must advance the tsk to the next_thread().

Cc: Roland McGrath <roland@redhat.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Eric Paris <eparis@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 kernel/exit.c |   21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff -puN kernel/exit.c~do_wait-fix-security-checks-fix kernel/exit.c
--- a/kernel/exit.c~do_wait-fix-security-checks-fix
+++ a/kernel/exit.c
@@ -1537,16 +1537,17 @@ repeat:
 			if (retval != 0) /* tasklist_lock released */
 				goto end;
 		}
-		if (flag)
-			continue;
-		list_for_each_entry(p, &tsk->ptrace_children, ptrace_list) {
-			flag = eligible_child(pid, options, p);
-			if (!flag)
-				continue;
-			if (likely(flag > 0))
-				break;
-			retval = flag;
-			goto end;
+		if (!flag) {
+			list_for_each_entry(p, &tsk->ptrace_children,
+								ptrace_list) {
+				flag = eligible_child(pid, options, p);
+				if (!flag)
+					continue;
+				if (likely(flag > 0))
+					break;
+				retval = flag;
+				goto end;
+			}
 		}
 		if (options & __WNOTHREAD)
 			break;
_