From: Oleg Nesterov <oleg@tv-sign.ru>
Date: Mon, 7 Nov 2005 18:12:43 +0000 (+0300)
Subject: [PATCH] fix de_thread() vs send_group_sigqueue() race
X-Git-Tag: v2.6.15-rc1~404
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=329f7dba5f7dc3bc9a30ad00cf373d2e83115aa1;p=pandora-kernel.git

[PATCH] fix de_thread() vs send_group_sigqueue() race

When non-leader thread does exec, de_thread calls release_task(leader) before
calling exit_itimers(). If local timer interrupt happens in between, it can
oops in send_group_sigqueue() while taking ->sighand->siglock == NULL.

However, we can't change send_group_sigqueue() to check p->signal != NULL,
because sys_timer_create() does get_task_struct() only in SIGEV_THREAD_ID
case. So it is possible that this task_struct was already freed and we can't
trust p->signal.

This patch changes de_thread() so that leader released after exit_itimers()
call.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Acked-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

Reading git-diff-tree failed