329f7dba5f
When non-leader thread does exec, de_thread calls release_task(leader) before calling exit_itimers(). If local timer interrupt happens in between, it can oops in send_group_sigqueue() while taking ->sighand->siglock == NULL. However, we can't change send_group_sigqueue() to check p->signal != NULL, because sys_timer_create() does get_task_struct() only in SIGEV_THREAD_ID case. So it is possible that this task_struct was already freed and we can't trust p->signal. This patch changes de_thread() so that leader released after exit_itimers() call. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Acked-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
||
|---|---|---|
| .. | ||
| 9p | ||
| adfs | ||
| affs | ||
| afs | ||
| autofs | ||
| autofs4 | ||
| befs | ||
| bfs | ||
| cifs | ||
| coda | ||
| cramfs | ||
| debugfs | ||
| devfs | ||
| devpts | ||
| efs | ||
| exportfs | ||
| ext2 | ||
| ext3 | ||
| fat | ||
| freevxfs | ||
| fuse | ||
| hfs | ||
| hfsplus | ||
| hostfs | ||
| hpfs | ||
| hppfs | ||
| hugetlbfs | ||
| isofs | ||
| jbd | ||
| jffs | ||
| jffs2 | ||
| jfs | ||
| lockd | ||
| minix | ||
| msdos | ||
| ncpfs | ||
| nfs | ||
| nfs_common | ||
| nfsd | ||
| nls | ||
| ntfs | ||
| openpromfs | ||
| partitions | ||
| proc | ||
| qnx4 | ||
| ramfs | ||
| reiserfs | ||
| relayfs | ||
| romfs | ||
| smbfs | ||
| sysfs | ||
| sysv | ||
| udf | ||
| ufs | ||
| vfat | ||
| xfs | ||
| aio.c | ||
| attr.c | ||
| bad_inode.c | ||
| binfmt_aout.c | ||
| binfmt_elf_fdpic.c | ||
| binfmt_elf.c | ||
| binfmt_em86.c | ||
| binfmt_flat.c | ||
| binfmt_misc.c | ||
| binfmt_script.c | ||
| binfmt_som.c | ||
| bio.c | ||
| block_dev.c | ||
| buffer.c | ||
| char_dev.c | ||
| compat_ioctl.c | ||
| compat.c | ||
| dcache.c | ||
| dcookies.c | ||
| direct-io.c | ||
| dnotify.c | ||
| dquot.c | ||
| eventpoll.c | ||
| exec.c | ||
| fcntl.c | ||
| fifo.c | ||
| file_table.c | ||
| file.c | ||
| filesystems.c | ||
| fs-writeback.c | ||
| inode.c | ||
| inotify.c | ||
| ioctl.c | ||
| ioprio.c | ||
| Kconfig | ||
| Kconfig.binfmt | ||
| libfs.c | ||
| locks.c | ||
| Makefile | ||
| mbcache.c | ||
| mpage.c | ||
| namei.c | ||
| namespace.c | ||
| nfsctl.c | ||
| open.c | ||
| pipe.c | ||
| pnode.c | ||
| pnode.h | ||
| posix_acl.c | ||
| quota_v1.c | ||
| quota_v2.c | ||
| quota.c | ||
| read_write.c | ||
| readdir.c | ||
| select.c | ||
| seq_file.c | ||
| stat.c | ||
| super.c | ||
| xattr_acl.c | ||
| xattr.c | ||