Commit:     d02479bdeb1c9b037892061cdcf4e730183391fa
Parent:     179394af7a2baa1d0a3cb1670075310d72247d38
Author:     Oleg Nesterov <[EMAIL PROTECTED]>
AuthorDate: Wed Aug 22 14:01:37 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Wed Aug 22 19:52:46 2007 -0700

    posix-timers: fix creation race

    sys_timer_create() sets ->it_process and unlocks ->siglock, then checks
    tmr->it_sigev_notify to define if get_task_struct() is needed.

    We already passed ->it_id to the caller, another thread can delete this
    and free its memory in between.

    As a minimal fix, move this code under ->siglock, sys_timer_delete() takes
    it too before calling release_posix_timer().  A proper serialization would be
    to take ->it_lock, we add a partly initialized timer on posix_timers_id, not

    Signed-off-by: Oleg Nesterov <[EMAIL PROTECTED]>
    Cc: Thomas Gleixner <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
 kernel/posix-timers.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
index 6923ad8..7a15afb 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -547,9 +547,9 @@ sys_timer_create(const clockid_t which_clock,
                                new_timer->it_process = process;
spin_unlock_irqrestore(&process->sighand->siglock, flags);
                                if (new_timer->it_sigev_notify == 
spin_unlock_irqrestore(&process->sighand->siglock, flags);
                        } else {
spin_unlock_irqrestore(&process->sighand->siglock, flags);
                                process = NULL;
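
Review bot: in sys_timer_create(), the position of the new_timer->it_sigev_notify test relative to spin_unlock_irqrestore(&process->sighand->siglock, flags) is now what prevents the race, but nothing in the code says so. The commit message explains that the timer id has already been passed to the caller, so a concurrent sys_timer_delete() can free new_timer as soon as ->siglock is dropped; a short comment at the unlock stating that new_timer must not be dereferenced after it would keep a later cleanup from reintroducing the use-after-free. The message also concedes that the timer is still reachable through posix_timers_id while partly initialized, so this change covers only this one access, and a follow-up that serializes on ->it_lock is worth tracking. The +/- markers did not survive in this copy of the hunk, so which of the three unlock lines is removed and which is added cannot be read from it; the diffstat (1 insertion, 1 deletion) indicates that a single unlock call moved.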