diff options
| author | Oleg Nesterov <oleg@tv-sign.ru> | 2008-02-05 01:27:24 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-05 12:44:07 -0500 |
| commit | ed5d2cac114202fe2978a9cbcab8f5032796d538 (patch) | |
| tree | aa9aaea1aa0945bd9159685d1b04897d105a90c9 /kernel | |
| parent | f558b7e408026eb3c6afcd0e8fc1f7fe31195a6a (diff) | |
exec: rework the group exit and fix the race with kill
As Roland pointed out, we have the very old problem with exec. de_thread()
sets SIGNAL_GROUP_EXIT, kills other threads, changes ->group_leader and then
clears signal->flags. All signals (even fatal ones) sent in this window
(which is not too small) will be lost.
With this patch exec doesn't abuse SIGNAL_GROUP_EXIT. signal_group_exit(),
the new helper, should be used to detect exit_group() or exec() in progress.
It can have more users, but this patch does only strictly necessary changes.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Robin Holt <holt@sgi.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/exit.c | 3 | ||||
| -rw-r--r-- | kernel/signal.c | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/kernel/exit.c b/kernel/exit.c index 9e459fefda77..9d3d0f0b27d9 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
| @@ -1083,11 +1083,12 @@ do_group_exit(int exit_code) | |||
| 1083 | struct signal_struct *const sig = current->signal; | 1083 | struct signal_struct *const sig = current->signal; |
| 1084 | struct sighand_struct *const sighand = current->sighand; | 1084 | struct sighand_struct *const sighand = current->sighand; |
| 1085 | spin_lock_irq(&sighand->siglock); | 1085 | spin_lock_irq(&sighand->siglock); |
| 1086 | if (sig->flags & SIGNAL_GROUP_EXIT) | 1086 | if (signal_group_exit(sig)) |
| 1087 | /* Another thread got here before we took the lock. */ | 1087 | /* Another thread got here before we took the lock. */ |
| 1088 | exit_code = sig->group_exit_code; | 1088 | exit_code = sig->group_exit_code; |
| 1089 | else { | 1089 | else { |
| 1090 | sig->group_exit_code = exit_code; | 1090 | sig->group_exit_code = exit_code; |
| 1091 | sig->flags = SIGNAL_GROUP_EXIT; | ||
| 1091 | zap_other_threads(current); | 1092 | zap_other_threads(current); |
| 1092 | } | 1093 | } |
| 1093 | spin_unlock_irq(&sighand->siglock); | 1094 | spin_unlock_irq(&sighand->siglock); |
diff --git a/kernel/signal.c b/kernel/signal.c index 1117b28488c2..6a5f97cd337a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
| @@ -957,7 +957,6 @@ void zap_other_threads(struct task_struct *p) | |||
| 957 | { | 957 | { |
| 958 | struct task_struct *t; | 958 | struct task_struct *t; |
| 959 | 959 | ||
| 960 | p->signal->flags = SIGNAL_GROUP_EXIT; | ||
| 961 | p->signal->group_stop_count = 0; | 960 | p->signal->group_stop_count = 0; |
| 962 | 961 | ||
| 963 | for (t = next_thread(p); t != p; t = next_thread(t)) { | 962 | for (t = next_thread(p); t != p; t = next_thread(t)) { |
| @@ -1697,7 +1696,8 @@ static int do_signal_stop(int signr) | |||
| 1697 | } else { | 1696 | } else { |
| 1698 | struct task_struct *t; | 1697 | struct task_struct *t; |
| 1699 | 1698 | ||
| 1700 | if (!likely(sig->flags & SIGNAL_STOP_DEQUEUED)) | 1699 | if (!likely(sig->flags & SIGNAL_STOP_DEQUEUED) || |
| 1700 | unlikely(sig->group_exit_task)) | ||
| 1701 | return 0; | 1701 | return 0; |
| 1702 | /* | 1702 | /* |
| 1703 | * There is no group stop already in progress. | 1703 | * There is no group stop already in progress. |