From: Oleg Nesterov <oleg@tv-sign.ru>
To: linux-kernel@vger.kernel.org
Cc: george@mvista.com, paulmck@us.ibm.com,
Roland McGrath <roland@redhat.com>,
akpm@osdl.org, dipankar@in.ibm.com, mingo@elte.hu,
Linus Torvalds <torvalds@osdl.org>,
Chris Wright <chrisw@osdl.org>
Subject: [PATCH] fix do_wait() vs exec() race
Date: Tue, 22 Nov 2005 22:20:37 +0300
Message-ID: <43836F85.CF6D9CA3@tv-sign.ru>
In-Reply-To: 43826FDC.8010401@mvista.com

When a non-leader thread does exec, de_thread adds the old leader to
init's ->children list in EXIT_ZOMBIE state and drops tasklist_lock.

This means that release_task(leader) in de_thread() is racy vs do_wait()
from the init task.

I think de_thread() should set the old leader's state to EXIT_DEAD instead.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
--- 2.6.15-rc2/fs/exec.c~ 2005-11-22 19:35:31.000000000 +0300
+++ 2.6.15-rc2/fs/exec.c 2005-11-23 00:49:23.000000000 +0300
@@ -668,7 +668,7 @@ static inline int de_thread(struct task_
if (!thread_group_leader(current)) {
struct task_struct *parent;
struct dentry *proc_dentry1, *proc_dentry2;
- unsigned long exit_state, ptrace;
+ unsigned long ptrace;
/*
* Wait for the thread group leader to be a zombie.
@@ -726,15 +726,15 @@ static inline int de_thread(struct task_
list_del(¤t->tasks);
list_add_tail(¤t->tasks, &init_task.tasks);
current->exit_signal = SIGCHLD;
- exit_state = leader->exit_state;
+
+ BUG_ON(leader->exit_state != EXIT_ZOMBIE);
+ leader->exit_state = EXIT_DEAD;
write_unlock_irq(&tasklist_lock);
spin_unlock(&leader->proc_lock);
spin_unlock(¤t->proc_lock);
proc_pid_flush(proc_dentry1);
proc_pid_flush(proc_dentry2);
-
- BUG_ON(exit_state != EXIT_ZOMBIE);
}
/*
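Review bot: the added `leader->exit_state = EXIT_DEAD;` just before `write_unlock_irq(&tasklist_lock);` carries no comment, so the reason for turning a zombie leader into a dead one lives only in the changelog. A short comment above the assignment would help: the old leader sits on init's ->children list, and once tasklist_lock is dropped do_wait() from init must not be able to reap it, because de_thread() releases it itself. A second point on the same lines: the `BUG_ON(leader->exit_state != EXIT_ZOMBIE);` check has moved from after the unlocks to a spot where tasklist_lock is write-held with interrupts off and both `proc_lock` spinlocks are taken. Checking before the store is required for the assertion to mean anything, but a failure there now takes the machine down with those locks held; if that is a concern, the state could be sampled and overwritten under the lock and asserted after `spin_unlock(&current->proc_lock);`, as the removed code did.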