[PATCH] copy_process: cleanup bad_fork_cleanup_sighand

The only caller of exit_sighand(tsk) is copy_process's error path.  We can
call __exit_sighand() directly and kill exit_sighand().

This 'tsk' was not yet registered in pid_hash[] or init_task.tasks, it has no
external references, nobody can see it, and

	IF (clone_flags & CLONE_SIGHAND)
		At least 'current' has a reference to ->sighand, this
		means atomic_dec_and_test(sighand->count) can't be true.

	ELSE
		Nobody can see this ->sighand, this means we can free it
		without any locking.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

2 files changed, 2 insertions, 15 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 33ffb5bf0dbc..8a46ad52be8f 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1208,7 +1208,8 @@ bad_fork_cleanup_mm:
 bad_fork_cleanup_signal:
         exit_signal(p);
 bad_fork_cleanup_sighand:
-        exit_sighand(p);
+        if (p->sighand)
+                __exit_sighand(p);
 bad_fork_cleanup_fs:
         exit_fs(p); /* blocking */
 bad_fork_cleanup_files:
diff --git a/kernel/signal.c b/kernel/signal.c
index c5b65aa4c2bc..1d7f4463c32d 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -336,20 +336,6 @@ void __exit_sighand(struct task_struct *tsk)
                 kmem_cache_free(sighand_cachep, sighand);
 }
 
-void exit_sighand(struct task_struct *tsk)
-{
-        write_lock_irq(&tasklist_lock);
-        rcu_read_lock();
-        if (tsk->sighand != NULL) {
-                struct sighand_struct *sighand = rcu_dereference(tsk->sighand);
-                spin_lock(&sighand->siglock);
-                __exit_sighand(tsk);
-                spin_unlock(&sighand->siglock);
-        }
-        rcu_read_unlock();
-        write_unlock_irq(&tasklist_lock);
-}
-
 /*
  * This function expects the tasklist_lock write-locked.
  */