diff options
author | Oleg Nesterov <oleg@tv-sign.ru> | 2007-08-22 17:01:58 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-08-22 22:52:47 -0400 |
commit | abd96ecb298675a21c412a29f5de2f80174d5f18 (patch) | |
tree | 5fb722fcfc224bf3e69a06a9e87d8fe56e1a6548 | |
parent | 5c076fce2e217240b44bc753a5ec8ecd379c6eb9 (diff) |
exec: kill unsafe BUG_ON(sig->count) checks
de_thread:
if (atomic_read(&oldsighand->count) <= 1)
BUG_ON(atomic_read(&sig->count) != 1);
This is not safe without the rmb() in between. The results of two
correctly ordered __exit_signal()->atomic_dec_and_test()'s could be seen
out of order on our CPU.
The same is true for the "thread_group_empty()" case, __unhash_process()'s
changes could be seen before atomic_dec_and_test(&sig->count).
On some platforms (including i386) atomic_read() doesn't provide even the
compiler barrier, in that case these checks are simply racy.
Remove these BUG_ON()'s. Alternatively, we can do something like
BUG_ON( ({ smp_rmb(); atomic_read(&sig->count) != 1; }) );
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/exec.c | 3 |
1 files changed, 0 insertions, 3 deletions
@@ -784,7 +784,6 @@ static int de_thread(struct task_struct *tsk) | |||
784 | * and we can just re-use it all. | 784 | * and we can just re-use it all. |
785 | */ | 785 | */ |
786 | if (atomic_read(&oldsighand->count) <= 1) { | 786 | if (atomic_read(&oldsighand->count) <= 1) { |
787 | BUG_ON(atomic_read(&sig->count) != 1); | ||
788 | signalfd_detach(tsk); | 787 | signalfd_detach(tsk); |
789 | exit_itimers(sig); | 788 | exit_itimers(sig); |
790 | return 0; | 789 | return 0; |
@@ -929,8 +928,6 @@ no_thread_group: | |||
929 | if (leader) | 928 | if (leader) |
930 | release_task(leader); | 929 | release_task(leader); |
931 | 930 | ||
932 | BUG_ON(atomic_read(&sig->count) != 1); | ||
933 | |||
934 | if (atomic_read(&oldsighand->count) == 1) { | 931 | if (atomic_read(&oldsighand->count) == 1) { |
935 | /* | 932 | /* |
936 | * Now that we nuked the rest of the thread group, | 933 | * Now that we nuked the rest of the thread group, |