diff options
author | Oleg Nesterov <oleg@redhat.com> | 2010-05-26 17:43:17 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-05-27 12:12:46 -0400 |
commit | 4ada856fb0ee62f6fe3aac3de726deac0640d929 (patch) | |
tree | 8dd3efbc19f6e1f1dac2ff7afdcd9658fb08b814 /kernel | |
parent | ea6d290ca34c4fd91b7348338c0cc7bdeff94a35 (diff) |
signals: clear signal->tty when the last thread exits
When the last thread exits signal->tty is freed, but the pointer is not
cleared and points to nowhere.
This is OK. Nobody should use signal->tty lockless, and it is no longer
possible to take ->siglock. However this looks wrong even if correct, and
the nice OOPS is better than subtle and hard to find bugs.
Change __exit_signal() to clear signal->tty under ->siglock.
Note: __exit_signal() needs more cleanups. It should not check "sig !=
NULL" to detect the all-dead case and we have the same issues with
signal->stats.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Alan Cox <alan@linux.intel.com>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/exit.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/kernel/exit.c b/kernel/exit.c index 92af5cde9bbe..356d91fa095f 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
@@ -80,6 +80,7 @@ static void __exit_signal(struct task_struct *tsk) | |||
80 | { | 80 | { |
81 | struct signal_struct *sig = tsk->signal; | 81 | struct signal_struct *sig = tsk->signal; |
82 | struct sighand_struct *sighand; | 82 | struct sighand_struct *sighand; |
83 | struct tty_struct *uninitialized_var(tty); | ||
83 | 84 | ||
84 | BUG_ON(!sig); | 85 | BUG_ON(!sig); |
85 | BUG_ON(!atomic_read(&sig->count)); | 86 | BUG_ON(!atomic_read(&sig->count)); |
@@ -93,6 +94,8 @@ static void __exit_signal(struct task_struct *tsk) | |||
93 | posix_cpu_timers_exit(tsk); | 94 | posix_cpu_timers_exit(tsk); |
94 | if (thread_group_leader(tsk)) { | 95 | if (thread_group_leader(tsk)) { |
95 | posix_cpu_timers_exit_group(tsk); | 96 | posix_cpu_timers_exit_group(tsk); |
97 | tty = sig->tty; | ||
98 | sig->tty = NULL; | ||
96 | } else { | 99 | } else { |
97 | /* | 100 | /* |
98 | * If there is any task waiting for the group exit | 101 | * If there is any task waiting for the group exit |
@@ -147,7 +150,7 @@ static void __exit_signal(struct task_struct *tsk) | |||
147 | * see account_group_exec_runtime(). | 150 | * see account_group_exec_runtime(). |
148 | */ | 151 | */ |
149 | task_rq_unlock_wait(tsk); | 152 | task_rq_unlock_wait(tsk); |
150 | tty_kref_put(sig->tty); | 153 | tty_kref_put(tty); |
151 | } | 154 | } |
152 | } | 155 | } |
153 | 156 | ||