summaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@tv-sign.ru>2005-11-07 21:12:43 +0300
committerLinus Torvalds <torvalds@g5.osdl.org>2005-11-08 12:58:38 -0800
commit329f7dba5f7dc3bc9a30ad00cf373d2e83115aa1 (patch)
tree3d8c8b2fd07ad2c1df959421121451207373f78f /arch
parenta52e8381c430896d3bd6065a34fda99cb5c74c82 (diff)
downloadkernel-crypto-329f7dba5f7dc3bc9a30ad00cf373d2e83115aa1.tar.gz
kernel-crypto-329f7dba5f7dc3bc9a30ad00cf373d2e83115aa1.tar.xz
kernel-crypto-329f7dba5f7dc3bc9a30ad00cf373d2e83115aa1.zip
[PATCH] fix de_thread() vs send_group_sigqueue() race
When non-leader thread does exec, de_thread calls release_task(leader) before calling exit_itimers(). If local timer interrupt happens in between, it can oops in send_group_sigqueue() while taking ->sighand->siglock == NULL. However, we can't change send_group_sigqueue() to check p->signal != NULL, because sys_timer_create() does get_task_struct() only in SIGEV_THREAD_ID case. So it is possible that this task_struct was already freed and we can't trust p->signal. This patch changes de_thread() so that leader released after exit_itimers() call. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Acked-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch')
0 files changed, 0 insertions, 0 deletions