kernel-ark/fs
Oleg Nesterov 329f7dba5f [PATCH] fix de_thread() vs send_group_sigqueue() race
When a non-leader thread does exec, de_thread calls release_task(leader) before
calling exit_itimers(). If a local timer interrupt happens in between, it can
oops in send_group_sigqueue() while taking ->sighand->siglock == NULL.

However, we can't change send_group_sigqueue() to check p->signal != NULL,
because sys_timer_create() does get_task_struct() only in SIGEV_THREAD_ID
case. So it is possible that this task_struct was already freed and we can't
trust p->signal.

This patch changes de_thread() so that the leader is released after the
exit_itimers() call.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Acked-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-08 12:58:38 -08:00
9p [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
adfs
affs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
afs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
autofs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
autofs4 [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
befs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
bfs
cifs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
coda
cramfs
debugfs
devfs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
devpts
efs
exportfs
ext2 [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
ext3
fat
freevxfs [PATCH] vxfs: use generic_ro_fops 2005-11-07 07:53:41 -08:00
fuse [PATCH] FUSE: pass file handle in setattr 2005-11-07 07:53:42 -08:00
hfs
hfsplus
hostfs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
hpfs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
hppfs
hugetlbfs
isofs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
jbd [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
jffs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
jffs2 Merge master.kernel.org:/pub/scm/linux/kernel/git/tglx/mtd-2.6 2005-11-07 10:24:08 -08:00
jfs
lockd [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
minix
msdos
ncpfs
nfs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
nfs_common
nfsd [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
nls
ntfs
openpromfs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
partitions [PATCH] s390: cleanup of include/asm-s390/vtoc.h 2005-11-07 07:53:34 -08:00
proc Merge git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge 2005-11-07 20:23:46 -08:00
qnx4
ramfs
reiserfs
relayfs
romfs
smbfs [PATCH] smbfs: 'names_cache' memory leak 2005-11-07 07:53:39 -08:00
sysfs
sysv
udf [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
ufs [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
vfat
xfs
aio.c [PATCH] aio: remove aio_max_nr accounting race 2005-11-07 07:53:38 -08:00
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
binfmt_elf.c [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio.c
block_dev.c
buffer.c [PATCH] __find_get_block_slow() cleanup 2005-11-07 07:53:39 -08:00
char_dev.c
compat_ioctl.c [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
compat.c
dcache.c [PATCH] Remove hlist_for_each_rcu() API, convert existing use to hlist_for_each_entry_rcu 2005-11-07 07:53:35 -08:00
dcookies.c
direct-io.c
dnotify.c
dquot.c [PATCH] saner handling of auto_acct_off() and DQUOT_OFF() in umount 2005-11-07 18:18:09 -08:00
eventpoll.c
exec.c [PATCH] fix de_thread() vs send_group_sigqueue() race 2005-11-08 12:58:38 -08:00
fcntl.c
fifo.c
file_table.c
file.c
filesystems.c
fs-writeback.c [PATCH] kernel-docs: fix kernel-doc format problems 2005-11-07 07:53:55 -08:00
inode.c
inotify.c
ioctl.c
ioprio.c
Kconfig Merge master.kernel.org:/pub/scm/linux/kernel/git/tglx/mtd-2.6 2005-11-07 10:24:08 -08:00
Kconfig.binfmt
libfs.c
locks.c
Makefile [PATCH] beginning of the shared-subtree proper 2005-11-07 18:18:10 -08:00
mbcache.c [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00
mpage.c
namei.c [PATCH] VFS: pass file pointer to filesystem from ftruncate() 2005-11-07 07:53:42 -08:00
namespace.c [PATCH] unbindable mounts 2005-11-07 18:18:11 -08:00
nfsctl.c
open.c [PATCH] VFS: pass file pointer to filesystem from ftruncate() 2005-11-07 07:53:42 -08:00
pipe.c
pnode.c [PATCH] unbindable mounts 2005-11-07 18:18:11 -08:00
pnode.h [PATCH] unbindable mounts 2005-11-07 18:18:11 -08:00
posix_acl.c
quota_v1.c
quota_v2.c
quota.c [PATCH] quota: small cleanups 2005-11-07 07:53:39 -08:00
read_write.c
readdir.c
select.c
seq_file.c [PATCH] allow callers of seq_open do allocation themselves 2005-11-07 18:18:09 -08:00
stat.c
super.c [PATCH] saner handling of auto_acct_off() and DQUOT_OFF() in umount 2005-11-07 18:18:09 -08:00
xattr_acl.c
xattr.c [PATCH] kfree cleanup: fs 2005-11-07 07:54:06 -08:00