On Thu, Aug 11, 2005 at 04:16:53PM +0400, Oleg Nesterov wrote:
> Paul E. McKenney wrote:
> >
> > --- linux-2.6.13-rc6/kernel/signal.c        2005-08-08 19:59:24.000000000 
> > -0700
> > +++ linux-2.6.13-rc6-tasklistRCU/kernel/signal.c    2005-08-10 
> > 08:20:25.000000000 -0700
> > @@ -1151,9 +1151,13 @@ int group_send_sig_info(int sig, struct 
> >
> >     ret = check_kill_permission(sig, info, p);
> >     if (!ret && sig && p->sighand) {
> > +           if (!get_task_struct_rcu(p)) {
> > +                   return -ESRCH;
> > +           }
> >             spin_lock_irqsave(&p->sighand->siglock, flags);
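Review bot: p->sighand is tested in the `if` and then read a second time for spin_lock_irqsave(&p->sighand->siglock, flags), and nothing visible in these lines keeps it from changing or becoming NULL between the two reads. Judging by its name, the added get_task_struct_rcu(p) pins the task, not the sighand structure. Suggest reading p->sighand once into a local variable and adding a comment that states which lock or grace period keeps that structure valid until siglock is held. The braces around the single `return -ESRCH;` can also be dropped to match kernel coding style.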
>                                       ^^^^^^^
> Is it correct?
> 
> The caller (kill_proc_info) does not take tasklist_lock anymore.
> If p does exec() at this time it can change/free its ->sighand.
> 
> fs/exec.c:de_thread()
>    773                  write_lock_irq(&tasklist_lock);
>    774                  spin_lock(&oldsighand->siglock);
>    775                  spin_lock(&newsighand->siglock);
>    776
>    777                  current->sighand = newsighand;
>    778                  recalc_sigpending();
>    779
>    780                  spin_unlock(&newsighand->siglock);
>    781                  spin_unlock(&oldsighand->siglock);
>    782                  write_unlock_irq(&tasklist_lock);
>    783
>    784                  if (atomic_dec_and_test(&oldsighand->count))
>    785                          kmem_cache_free(sighand_cachep, oldsighand);

Looks suspicious to me!  ;-)  Will look into this one, thank you for
pointing it out!

                                                Thanx, Paul
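The window described in the quoted reply, as an added single-threaded C model that is not part of this thread or of the kernel source. All names are constructed, the hook stands in for a concurrent exec(), and the old structure's memory is assumed to stay readable (it is static here), which real code would have to guarantee by deferring the free.

```c
#include <stddef.h>
/* Userspace model with constructed names; this is not kernel code. */
struct sighand { int locked; };
struct task { struct sighand *sighand; };
typedef void (*race_hook)(struct task *);  /* runs inside the race window */
static struct sighand old_sh, new_sh;
static int old_released;  /* set where kmem_cache_free() would run */

void reset_model(struct task *t)
{
	old_sh.locked = new_sh.locked = old_released = 0;
	t->sighand = &old_sh;
}

/* Models the quoted de_thread() lines: switch the pointer, release old. */
void exec_swaps_sighand(struct task *t)
{
	t->sighand = &new_sh;
	old_released = 1;
}

/* Pattern questioned in the thread: check the pointer, then lock it. */
struct sighand *lock_unchecked(struct task *t, race_hook hook)
{
	struct sighand *sh = t->sighand;
	if (!sh) return NULL;
	if (hook) hook(t);  /* exec() slips in before the lock */
	sh->locked = 1;
	return sh;
}

/* Lock, then confirm the task still uses that structure; else retry. */
struct sighand *lock_revalidated(struct task *t, race_hook hook)
{
	for (;;) {
		struct sighand *sh = t->sighand;
		if (!sh) return NULL;
		if (hook) { hook(t); hook = NULL; }  /* race only once */
		sh->locked = 1;
		if (sh == t->sighand) return sh;
		sh->locked = 0;  /* stale: unlock and reload */
	}
}

int main(void)
{
	struct task t;
	reset_model(&t);
	return lock_revalidated(&t, exec_swaps_sighand) == &new_sh ? 0 : 1;
}
```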