reparent_thread: fix a zombie leak if /sbin/init ignores SIGCHLD

If /sbin/init ignores SIGCHLD and we re-parent a zombie, it is leaked. reparent_thread() does do_notify_parent() which sets ->exit_signal = -1 in this case. This means that nobody except us can reap it, the detached task is not visible to do_wait(). Change reparent_thread() to return a boolean (like __pthread_detach) to indicate that the thread is dead and must be released. Also change forget_original_parent() to add the child to ptrace_dead list in this case. The naming becomes insane, the next patch does the cleanup. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Roland McGrath <roland@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Oleg Nesterov <oleg@redhat.com> 2009-04-02 19:58:17 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-04-02 22:04:59 -0400
commit: 7f5d3652d469cdf9eb2365dfea7ce3fb9e1409cc (patch)
tree: 590f845665e166694ba0f9ba0e6d2267e15d8aae
parent: b1442b055c154699a6a2c436f3352f71b6beede3 (diff)
1 files changed, 17 insertions, 5 deletions
diff --git a/kernel/exit.c b/kernel/exit.c
index 5be0a406faeb..3e09b7cb3b20 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -810,8 +810,11 @@ static void ptrace_exit_finish(struct task_struct *parent,
        }
 }
-static void reparent_thread(struct task_struct *p, struct task_struct *father)
+/* Returns nonzero if the child should be released. */
+static int reparent_thread(struct task_struct *p, struct task_struct *father)
 {
+        int dead;
        if (p->pdeath_signal)
                /* We already hold the tasklist_lock here.  */
                group_send_sig_info(p->pdeath_signal, SEND_SIG_NOINFO, p);
@@ -819,12 +822,12 @@ static void reparent_thread(struct task_struct *p, struct task_struct *father)
        list_move_tail(&p->sibling, &p->real_parent->children);
        if (task_detached(p))
-                return;
+                return 0;
        /* If this is a threaded reparent there is no need to
         * notify anyone anything has happened.
         */
        if (same_thread_group(p->real_parent, father))
-                return;
+                return 0;
        /* We don't want people slaying init.  */
        p->exit_signal = SIGCHLD;
@@ -832,11 +835,19 @@ static void reparent_thread(struct task_struct *p, struct task_struct *father)
        /* If we'd notified the old parent about this child's death,
         * also notify the new parent.
         */
+        dead = 0;
        if (!p->ptrace &&
-            p->exit_state == EXIT_ZOMBIE && thread_group_empty(p))
+            p->exit_state == EXIT_ZOMBIE && thread_group_empty(p)) {
                do_notify_parent(p, p->exit_signal);
+                if (task_detached(p)) {
+                        p->exit_state = EXIT_DEAD;
+                        dead = 1;
+                }
+        }
        kill_orphaned_pgrp(p, father);
+        return dead;
 }
 /*
@@ -896,7 +907,8 @@ static void forget_original_parent(struct task_struct *father)
                        BUG_ON(p->ptrace);
                        p->parent = p->real_parent;
                }
-                reparent_thread(p, father);
+                if (reparent_thread(p, father))
+                        list_add(&p->ptrace_entry, &ptrace_dead);;
        }
        write_unlock_irq(&tasklist_lock);
author	Oleg Nesterov <oleg@redhat.com>	2009-04-02 19:58:17 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-04-02 22:04:59 -0400
commit	7f5d3652d469cdf9eb2365dfea7ce3fb9e1409cc (patch)
tree	590f845665e166694ba0f9ba0e6d2267e15d8aae
parent	b1442b055c154699a6a2c436f3352f71b6beede3 (diff)