Re: [PATCH] fix de_thread() vs send_group_sigqueue() race

From: Linus Torvalds
Date: Tue Nov 08 2005 - 15:57:23 EST

Next message: Kenny Simpson: "re: mmap over nfs leads to excessive system load"
Previous message: Richard Knutsson: "Re: [PATCH] i386: make trap information available to die handlers"
In reply to: Chris Wright: "Re: [PATCH] fix de_thread() vs send_group_sigqueue() race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 8 Nov 2005, Chris Wright wrote:

> * Oleg Nesterov (oleg@xxxxxxxxxx) wrote:
> > When non-leader thread does exec, de_thread calls release_task(leader) before
> > calling exit_itimers(). If local timer interrupt happens in between, it can
> > oops in send_group_sigqueue() while taking ->sighand->siglock == NULL.
> >
> > However, we can't change send_group_sigqueue() to check p->signal != NULL,
> > because sys_timer_create() does get_task_struct() only in SIGEV_THREAD_ID
> > case. So it is possible that this task_struct was already freed and we can't
> > trust p->signal.
> >
> > This patch changes de_thread() so that leader released after exit_itimers()
> > call.
>
> Nice catch. As soon as Linus picks it up we'll put it in -stable as
> well.

Gaah. For some reason I was pretty much the only one not cc'd on the
original patch ;)

Found it on linux-kernel.

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kenny Simpson: "re: mmap over nfs leads to excessive system load"
Previous message: Richard Knutsson: "Re: [PATCH] i386: make trap information available to die handlers"
In reply to: Chris Wright: "Re: [PATCH] fix de_thread() vs send_group_sigqueue() race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]