aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/exit.c
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@redhat.com>2010-05-26 17:43:17 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2010-05-27 12:12:46 -0400
commit4ada856fb0ee62f6fe3aac3de726deac0640d929 (patch)
tree8dd3efbc19f6e1f1dac2ff7afdcd9658fb08b814 /kernel/exit.c
parentea6d290ca34c4fd91b7348338c0cc7bdeff94a35 (diff)
signals: clear signal->tty when the last thread exits
When the last thread exits signal->tty is freed, but the pointer is not cleared and points to nowhere. This is OK. Nobody should use signal->tty lockless, and it is no longer possible to take ->siglock. However this looks wrong even if correct, and the nice OOPS is better than subtle and hard to find bugs. Change __exit_signal() to clear signal->tty under ->siglock. Note: __exit_signal() needs more cleanups. It should not check "sig != NULL" to detect the all-dead case and we have the same issues with signal->stats. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Alan Cox <alan@linux.intel.com> Cc: Ingo Molnar <mingo@elte.hu> Acked-by: Peter Zijlstra <peterz@infradead.org> Acked-by: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/exit.c')
-rw-r--r--kernel/exit.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/kernel/exit.c b/kernel/exit.c
index 92af5cde9bb..356d91fa095 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -80,6 +80,7 @@ static void __exit_signal(struct task_struct *tsk)
80{ 80{
81 struct signal_struct *sig = tsk->signal; 81 struct signal_struct *sig = tsk->signal;
82 struct sighand_struct *sighand; 82 struct sighand_struct *sighand;
83 struct tty_struct *uninitialized_var(tty);
83 84
84 BUG_ON(!sig); 85 BUG_ON(!sig);
85 BUG_ON(!atomic_read(&sig->count)); 86 BUG_ON(!atomic_read(&sig->count));
@@ -93,6 +94,8 @@ static void __exit_signal(struct task_struct *tsk)
93 posix_cpu_timers_exit(tsk); 94 posix_cpu_timers_exit(tsk);
94 if (thread_group_leader(tsk)) { 95 if (thread_group_leader(tsk)) {
95 posix_cpu_timers_exit_group(tsk); 96 posix_cpu_timers_exit_group(tsk);
97 tty = sig->tty;
98 sig->tty = NULL;
96 } else { 99 } else {
97 /* 100 /*
98 * If there is any task waiting for the group exit 101 * If there is any task waiting for the group exit
@@ -147,7 +150,7 @@ static void __exit_signal(struct task_struct *tsk)
147 * see account_group_exec_runtime(). 150 * see account_group_exec_runtime().
148 */ 151 */
149 task_rq_unlock_wait(tsk); 152 task_rq_unlock_wait(tsk);
150 tty_kref_put(sig->tty); 153 tty_kref_put(tty);
151 } 154 }
152} 155}
153 156