Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d02479bdeb1c9b037892061cdcf4e730183391fa
Commit:     d02479bdeb1c9b037892061cdcf4e730183391fa
Parent:     179394af7a2baa1d0a3cb1670075310d72247d38
Author:     Oleg Nesterov <[EMAIL PROTECTED]>
AuthorDate: Wed Aug 22 14:01:37 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Wed Aug 22 19:52:46 2007 -0700

    posix-timers: fix creation race
    
    sys_timer_create() sets ->it_process and unlocks ->siglock, then checks
    tmr->it_sigev_notify to define if get_task_struct() is needed.
    
    We already passed ->it_id to the caller, another thread can delete this 
timer
    and free its memory in between.
    
    As a minimal fix, move this code under ->siglock, sys_timer_delete() takes 
it
    too before calling release_posix_timer().  A proper serialization would be 
to
    take ->it_lock, we add a partly initialized timer on posix_timers_id, not
    good.
    
    Signed-off-by: Oleg Nesterov <[EMAIL PROTECTED]>
    Cc: Thomas Gleixner <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
---
 kernel/posix-timers.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
index 6923ad8..7a15afb 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -547,9 +547,9 @@ sys_timer_create(const clockid_t which_clock,
                                new_timer->it_process = process;
                                list_add(&new_timer->list,
                                         &process->signal->posix_timers);
-                               
spin_unlock_irqrestore(&process->sighand->siglock, flags);
                                if (new_timer->it_sigev_notify == 
(SIGEV_SIGNAL|SIGEV_THREAD_ID))
                                        get_task_struct(process);
+                               
spin_unlock_irqrestore(&process->sighand->siglock, flags);
                        } else {
                                
spin_unlock_irqrestore(&process->sighand->siglock, flags);
                                process = NULL;
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to