diff options
author | Oleg Nesterov <oleg@tv-sign.ru> | 2006-03-28 19:11:16 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-28 21:36:42 -0500 |
commit | 6b3934ef52712ece50605dfc72e55d00c580831a (patch) | |
tree | 5ec3c4f69a20880f75de6ff8d7d2f67d96328df3 | |
parent | 7001510d0cbf51ad202dd2d0744f54104285cbb9 (diff) |
[PATCH] copy_process: cleanup bad_fork_cleanup_signal
__exit_signal() does important cleanups atomically under ->siglock. It is
also called from copy_process's error path. This is not good, for example we
can't move __unhash_process() under ->siglock for that reason.
We should not mix these 2 paths, just look at ugly 'if (p->sighand)' under
'bad_fork_cleanup_sighand:' label. For copy_process() case it is sufficient
to just backout copy_signal(), nothing more.
Again, nobody can see this task yet. For CLONE_THREAD case we just decrement
signal->count, otherwise nobody can see this ->signal and we can free it
lockless.
This patch assumes it is safe to do exit_thread_group_keys() without
tasklist_lock.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | include/linux/sched.h | 2 | ||||
-rw-r--r-- | include/linux/slab.h | 1 | ||||
-rw-r--r-- | kernel/fork.c | 23 | ||||
-rw-r--r-- | kernel/signal.c | 15 |
4 files changed, 21 insertions, 20 deletions
diff --git a/include/linux/sched.h b/include/linux/sched.h index 69c2a1e1529e..7dd430b697aa 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
@@ -1149,7 +1149,7 @@ extern void flush_thread(void); | |||
1149 | extern void exit_thread(void); | 1149 | extern void exit_thread(void); |
1150 | 1150 | ||
1151 | extern void exit_files(struct task_struct *); | 1151 | extern void exit_files(struct task_struct *); |
1152 | extern void exit_signal(struct task_struct *); | 1152 | extern void __cleanup_signal(struct signal_struct *); |
1153 | extern void __exit_signal(struct task_struct *); | 1153 | extern void __exit_signal(struct task_struct *); |
1154 | extern void __exit_sighand(struct task_struct *); | 1154 | extern void __exit_sighand(struct task_struct *); |
1155 | extern void exit_itimers(struct signal_struct *); | 1155 | extern void exit_itimers(struct signal_struct *); |
diff --git a/include/linux/slab.h b/include/linux/slab.h index 15e1d9736b1b..3af03b19c983 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h | |||
@@ -210,7 +210,6 @@ extern kmem_cache_t *names_cachep; | |||
210 | extern kmem_cache_t *files_cachep; | 210 | extern kmem_cache_t *files_cachep; |
211 | extern kmem_cache_t *filp_cachep; | 211 | extern kmem_cache_t *filp_cachep; |
212 | extern kmem_cache_t *fs_cachep; | 212 | extern kmem_cache_t *fs_cachep; |
213 | extern kmem_cache_t *signal_cachep; | ||
214 | extern kmem_cache_t *sighand_cachep; | 213 | extern kmem_cache_t *sighand_cachep; |
215 | extern kmem_cache_t *bio_cachep; | 214 | extern kmem_cache_t *bio_cachep; |
216 | 215 | ||
diff --git a/kernel/fork.c b/kernel/fork.c index 8a46ad52be8f..0aff28cdbadd 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
@@ -84,7 +84,7 @@ static kmem_cache_t *task_struct_cachep; | |||
84 | #endif | 84 | #endif |
85 | 85 | ||
86 | /* SLAB cache for signal_struct structures (tsk->signal) */ | 86 | /* SLAB cache for signal_struct structures (tsk->signal) */ |
87 | kmem_cache_t *signal_cachep; | 87 | static kmem_cache_t *signal_cachep; |
88 | 88 | ||
89 | /* SLAB cache for sighand_struct structures (tsk->sighand) */ | 89 | /* SLAB cache for sighand_struct structures (tsk->sighand) */ |
90 | kmem_cache_t *sighand_cachep; | 90 | kmem_cache_t *sighand_cachep; |
@@ -872,6 +872,22 @@ static inline int copy_signal(unsigned long clone_flags, struct task_struct * ts | |||
872 | return 0; | 872 | return 0; |
873 | } | 873 | } |
874 | 874 | ||
875 | void __cleanup_signal(struct signal_struct *sig) | ||
876 | { | ||
877 | exit_thread_group_keys(sig); | ||
878 | kmem_cache_free(signal_cachep, sig); | ||
879 | } | ||
880 | |||
881 | static inline void cleanup_signal(struct task_struct *tsk) | ||
882 | { | ||
883 | struct signal_struct *sig = tsk->signal; | ||
884 | |||
885 | atomic_dec(&sig->live); | ||
886 | |||
887 | if (atomic_dec_and_test(&sig->count)) | ||
888 | __cleanup_signal(sig); | ||
889 | } | ||
890 | |||
875 | static inline void copy_flags(unsigned long clone_flags, struct task_struct *p) | 891 | static inline void copy_flags(unsigned long clone_flags, struct task_struct *p) |
876 | { | 892 | { |
877 | unsigned long new_flags = p->flags; | 893 | unsigned long new_flags = p->flags; |
@@ -1206,10 +1222,9 @@ bad_fork_cleanup_mm: | |||
1206 | if (p->mm) | 1222 | if (p->mm) |
1207 | mmput(p->mm); | 1223 | mmput(p->mm); |
1208 | bad_fork_cleanup_signal: | 1224 | bad_fork_cleanup_signal: |
1209 | exit_signal(p); | 1225 | cleanup_signal(p); |
1210 | bad_fork_cleanup_sighand: | 1226 | bad_fork_cleanup_sighand: |
1211 | if (p->sighand) | 1227 | __exit_sighand(p); |
1212 | __exit_sighand(p); | ||
1213 | bad_fork_cleanup_fs: | 1228 | bad_fork_cleanup_fs: |
1214 | exit_fs(p); /* blocking */ | 1229 | exit_fs(p); /* blocking */ |
1215 | bad_fork_cleanup_files: | 1230 | bad_fork_cleanup_files: |
diff --git a/kernel/signal.c b/kernel/signal.c index 1d7f4463c32d..54e9ef673e68 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
@@ -395,23 +395,10 @@ void __exit_signal(struct task_struct *tsk) | |||
395 | clear_tsk_thread_flag(tsk,TIF_SIGPENDING); | 395 | clear_tsk_thread_flag(tsk,TIF_SIGPENDING); |
396 | flush_sigqueue(&tsk->pending); | 396 | flush_sigqueue(&tsk->pending); |
397 | if (sig) { | 397 | if (sig) { |
398 | /* | 398 | __cleanup_signal(sig); |
399 | * We are cleaning up the signal_struct here. | ||
400 | */ | ||
401 | exit_thread_group_keys(sig); | ||
402 | kmem_cache_free(signal_cachep, sig); | ||
403 | } | 399 | } |
404 | } | 400 | } |
405 | 401 | ||
406 | void exit_signal(struct task_struct *tsk) | ||
407 | { | ||
408 | atomic_dec(&tsk->signal->live); | ||
409 | |||
410 | write_lock_irq(&tasklist_lock); | ||
411 | __exit_signal(tsk); | ||
412 | write_unlock_irq(&tasklist_lock); | ||
413 | } | ||
414 | |||
415 | /* | 402 | /* |
416 | * Flush all handlers for a task. | 403 | * Flush all handlers for a task. |
417 | */ | 404 | */ |