From: Oleg Nesterov <oleg@tv-sign.ru>

There is a window when de_thread() switches the leader and drops
tasklist_lock.  In that window do_each_pid_task(PIDTYPE_PID) finds both new
and old leaders.

The problem is pretty much theoretical and probably can be ignored.  Currently
the only users of do_each_pid_task(PIDTYPE_PID) are send_sigio/send_sigurg, so
they can send the signal to the same process twice.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/pid.h |    6 ++++++
 1 file changed, 6 insertions(+)

diff -puN include/linux/pid.h~uglify-while_each_pid_task-to-make-sure-we-dont-count-the-execing-pricess-twice include/linux/pid.h
--- a/include/linux/pid.h~uglify-while_each_pid_task-to-make-sure-we-dont-count-the-execing-pricess-twice
+++ a/include/linux/pid.h
@@ -152,7 +152,13 @@ pid_t pid_vnr(struct pid *pid);
 			hlist_for_each_entry_rcu((task), pos___,	\
 				&pid->tasks[type], pids[type].node) {
 
+			/*
+			 * Both old and new leaders may be attached to
+			 * the same pid in the middle of de_thread().
+			 */
 #define while_each_pid_task(pid, type, task)				\
+				if (type == PIDTYPE_PID)		\
+					break;				\
 			}						\
 	} while (0)
 
_