[PATCH] -mm check_rlimit oops on p->signal

[Hugh Dickins]

The p->signal check in account_system_time is insufficient.  If the
timer interrupt hits near the end of exit_notify, after EXIT_ZOMBIE has
been set, another cpu may release_task (NULLifying p->signal) in between
account_system_time's check and check_rlimit's dereference.  Nor should
account_it_prof risk send_sig.  But surely account_user_time is safe?

Signed-off-by: Hugh Dickins <hugh@xxxxxxxxxxx>

--- 2.6.10-rc1-mm5/kernel/sched.c	2004-11-11 12:40:12.000000000 +0000
+++ linux/kernel/sched.c	2004-11-14 20:41:26.851384984 +0000
@@ -2333,8 +2333,7 @@ void account_user_time(struct task_struc
 	p->utime = cputime_add(p->utime, cputime);
 
 	/* Check for signals (SIGVTALRM, SIGPROF, SIGXCPU & SIGKILL). */
-	if (likely(p->signal))
-		check_rlimit(p, cputime);
+	check_rlimit(p, cputime);
 	account_it_virt(p, cputime);
 	account_it_prof(p, cputime);
 
@@ -2362,9 +2361,10 @@ void account_system_time(struct task_str
 	p->stime = cputime_add(p->stime, cputime);
 
 	/* Check for signals (SIGPROF, SIGXCPU & SIGKILL). */
-	if (likely(p->signal))
+	if (likely(p->signal && p->exit_state < EXIT_ZOMBIE)) {
 		check_rlimit(p, cputime);
-	account_it_prof(p, cputime);
+		account_it_prof(p, cputime);
+	}
 
 	/* Add system time to cpustat. */
 	tmp = cputime_to_cputime64(cputime);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/