1 files changed, 352 insertions, 162 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index f91218a5463e..7ef7f6054c28 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -95,99 +95,304 @@ int cad_pid = 1;
 *      and the like. 
 */
-static struct notifier_block *reboot_notifier_list;
+static BLOCKING_NOTIFIER_HEAD(reboot_notifier_list);
-static DEFINE_RWLOCK(notifier_lock);
+/*
+ *      Notifier chain core routines.  The exported routines below
+ *      are layered on top of these, with appropriate locking added.
+ */
+static int notifier_chain_register(struct notifier_block **nl,
+                struct notifier_block *n)
+{
+        while ((*nl) != NULL) {
+                if (n->priority > (*nl)->priority)
+                        break;
+                nl = &((*nl)->next);
+        }
+        n->next = *nl;
+        rcu_assign_pointer(*nl, n);
+        return 0;
+}
+static int notifier_chain_unregister(struct notifier_block **nl,
+                struct notifier_block *n)
+{
+        while ((*nl) != NULL) {
+                if ((*nl) == n) {
+                        rcu_assign_pointer(*nl, n->next);
+                        return 0;
+                }
+                nl = &((*nl)->next);
+        }
+        return -ENOENT;
+}
+static int __kprobes notifier_call_chain(struct notifier_block **nl,
+                unsigned long val, void *v)
+{
+        int ret = NOTIFY_DONE;
+        struct notifier_block *nb;
+        nb = rcu_dereference(*nl);
+        while (nb) {
+                ret = nb->notifier_call(nb, val, v);
+                if ((ret & NOTIFY_STOP_MASK) == NOTIFY_STOP_MASK)
+                        break;
+                nb = rcu_dereference(nb->next);
+        }
+        return ret;
+}
+/*
+ *      Atomic notifier chain routines.  Registration and unregistration
+ *      use a mutex, and call_chain is synchronized by RCU (no locks).
+ */
 /**
- *      notifier_chain_register - Add notifier to a notifier chain
+ *      atomic_notifier_chain_register - Add notifier to an atomic notifier chain
- *      @list: Pointer to root list pointer
+ *      @nh: Pointer to head of the atomic notifier chain
 *      @n: New entry in notifier chain
 *
- *      Adds a notifier to a notifier chain.
+ *      Adds a notifier to an atomic notifier chain.
 *
 *      Currently always returns zero.
 */
+int atomic_notifier_chain_register(struct atomic_notifier_head *nh,
+                struct notifier_block *n)
+{
+        unsigned long flags;
+        int ret;
+        spin_lock_irqsave(&nh->lock, flags);
+        ret = notifier_chain_register(&nh->head, n);
+        spin_unlock_irqrestore(&nh->lock, flags);
+        return ret;
+}
+EXPORT_SYMBOL_GPL(atomic_notifier_chain_register);
+/**
+ *      atomic_notifier_chain_unregister - Remove notifier from an atomic notifier chain
+ *      @nh: Pointer to head of the atomic notifier chain
+ *      @n: Entry to remove from notifier chain
+ *
+ *      Removes a notifier from an atomic notifier chain.
+ *
+ *      Returns zero on success or %-ENOENT on failure.
+ */
+int atomic_notifier_chain_unregister(struct atomic_notifier_head *nh,
+                struct notifier_block *n)
+{
+        unsigned long flags;
+        int ret;
+        spin_lock_irqsave(&nh->lock, flags);
+        ret = notifier_chain_unregister(&nh->head, n);
+        spin_unlock_irqrestore(&nh->lock, flags);
+        synchronize_rcu();
+        return ret;
+}
+EXPORT_SYMBOL_GPL(atomic_notifier_chain_unregister);
+/**
+ *      atomic_notifier_call_chain - Call functions in an atomic notifier chain
+ *      @nh: Pointer to head of the atomic notifier chain
+ *      @val: Value passed unmodified to notifier function
+ *      @v: Pointer passed unmodified to notifier function
+ *
+ *      Calls each function in a notifier chain in turn.  The functions
+ *      run in an atomic context, so they must not block.
+ *      This routine uses RCU to synchronize with changes to the chain.
+ *
+ *      If the return value of the notifier can be and'ed
+ *      with %NOTIFY_STOP_MASK then atomic_notifier_call_chain
+ *      will return immediately, with the return value of
+ *      the notifier function which halted execution.
+ *      Otherwise the return value is the return value
+ *      of the last notifier function called.
+ */
 
-int notifier_chain_register(struct notifier_block **list, struct notifier_block *n)
+int atomic_notifier_call_chain(struct atomic_notifier_head *nh,
+                unsigned long val, void *v)
 {
-        write_lock(&notifier_lock);
+        int ret;
-        while(*list)
-        {
+        rcu_read_lock();
-                if(n->priority > (*list)->priority)
+        ret = notifier_call_chain(&nh->head, val, v);
-                        break;
+        rcu_read_unlock();
-                list= &((*list)->next);
+        return ret;
-        }
-        n->next = *list;
-        *list=n;
-        write_unlock(&notifier_lock);
-        return 0;
 }
-EXPORT_SYMBOL(notifier_chain_register);
+EXPORT_SYMBOL_GPL(atomic_notifier_call_chain);
+/*
+ *      Blocking notifier chain routines.  All access to the chain is
+ *      synchronized by an rwsem.
+ */
 /**
- *      notifier_chain_unregister - Remove notifier from a notifier chain
+ *      blocking_notifier_chain_register - Add notifier to a blocking notifier chain
- *      @nl: Pointer to root list pointer
+ *      @nh: Pointer to head of the blocking notifier chain
 *      @n: New entry in notifier chain
 *
- *      Removes a notifier from a notifier chain.
+ *      Adds a notifier to a blocking notifier chain.
+ *      Must be called in process context.
 *
- *      Returns zero on success, or %-ENOENT on failure.
+ *      Currently always returns zero.
 */
 
-int notifier_chain_unregister(struct notifier_block **nl, struct notifier_block *n)
+int blocking_notifier_chain_register(struct blocking_notifier_head *nh,
+                struct notifier_block *n)
 {
-        write_lock(&notifier_lock);
+        int ret;
-        while((*nl)!=NULL)
-        {
+        /*
-                if((*nl)==n)
+         * This code gets used during boot-up, when task switching is
-                {
+         * not yet working and interrupts must remain disabled.  At
-                        *nl=n->next;
+         * such times we must not call down_write().
-                        write_unlock(&notifier_lock);
+         */
-                        return 0;
+        if (unlikely(system_state == SYSTEM_BOOTING))
-                }
+                return notifier_chain_register(&nh->head, n);
-                nl=&((*nl)->next);
-        }
+        down_write(&nh->rwsem);
-        write_unlock(&notifier_lock);
+        ret = notifier_chain_register(&nh->head, n);
-        return -ENOENT;
+        up_write(&nh->rwsem);
+        return ret;
 }
-EXPORT_SYMBOL(notifier_chain_unregister);
+EXPORT_SYMBOL_GPL(blocking_notifier_chain_register);
 /**
- *      notifier_call_chain - Call functions in a notifier chain
+ *      blocking_notifier_chain_unregister - Remove notifier from a blocking notifier chain
- *      @n: Pointer to root pointer of notifier chain
+ *      @nh: Pointer to head of the blocking notifier chain
+ *      @n: Entry to remove from notifier chain
+ *
+ *      Removes a notifier from a blocking notifier chain.
+ *      Must be called from process context.
+ *
+ *      Returns zero on success or %-ENOENT on failure.
+ */
+int blocking_notifier_chain_unregister(struct blocking_notifier_head *nh,
+                struct notifier_block *n)
+{
+        int ret;
+        /*
+         * This code gets used during boot-up, when task switching is
+         * not yet working and interrupts must remain disabled.  At
+         * such times we must not call down_write().
+         */
+        if (unlikely(system_state == SYSTEM_BOOTING))
+                return notifier_chain_unregister(&nh->head, n);
+        down_write(&nh->rwsem);
+        ret = notifier_chain_unregister(&nh->head, n);
+        up_write(&nh->rwsem);
+        return ret;
+}
+EXPORT_SYMBOL_GPL(blocking_notifier_chain_unregister);
+/**
+ *      blocking_notifier_call_chain - Call functions in a blocking notifier chain
+ *      @nh: Pointer to head of the blocking notifier chain
 *      @val: Value passed unmodified to notifier function
 *      @v: Pointer passed unmodified to notifier function
 *
- *      Calls each function in a notifier chain in turn.
+ *      Calls each function in a notifier chain in turn.  The functions
+ *      run in a process context, so they are allowed to block.
 *
- *      If the return value of the notifier can be and'd
+ *      If the return value of the notifier can be and'ed
- *      with %NOTIFY_STOP_MASK, then notifier_call_chain
+ *      with %NOTIFY_STOP_MASK then blocking_notifier_call_chain
 *      will return immediately, with the return value of
 *      the notifier function which halted execution.
- *      Otherwise, the return value is the return value
+ *      Otherwise the return value is the return value
 *      of the last notifier function called.
 */
 
-int __kprobes notifier_call_chain(struct notifier_block **n, unsigned long val, void *v)
+int blocking_notifier_call_chain(struct blocking_notifier_head *nh,
+                unsigned long val, void *v)
 {
-        int ret=NOTIFY_DONE;
+        int ret;
-        struct notifier_block *nb = *n;
-        while(nb)
+        down_read(&nh->rwsem);
-        {
+        ret = notifier_call_chain(&nh->head, val, v);
-                ret=nb->notifier_call(nb,val,v);
+        up_read(&nh->rwsem);
-                if(ret&NOTIFY_STOP_MASK)
-                {
-                        return ret;
-                }
-                nb=nb->next;
-        }
        return ret;
 }
-EXPORT_SYMBOL(notifier_call_chain);
+EXPORT_SYMBOL_GPL(blocking_notifier_call_chain);
+/*
+ *      Raw notifier chain routines.  There is no protection;
+ *      the caller must provide it.  Use at your own risk!
+ */
+/**
+ *      raw_notifier_chain_register - Add notifier to a raw notifier chain
+ *      @nh: Pointer to head of the raw notifier chain
+ *      @n: New entry in notifier chain
+ *
+ *      Adds a notifier to a raw notifier chain.
+ *      All locking must be provided by the caller.
+ *
+ *      Currently always returns zero.
+ */
+int raw_notifier_chain_register(struct raw_notifier_head *nh,
+                struct notifier_block *n)
+{
+        return notifier_chain_register(&nh->head, n);
+}
+EXPORT_SYMBOL_GPL(raw_notifier_chain_register);
+/**
+ *      raw_notifier_chain_unregister - Remove notifier from a raw notifier chain
+ *      @nh: Pointer to head of the raw notifier chain
+ *      @n: Entry to remove from notifier chain
+ *
+ *      Removes a notifier from a raw notifier chain.
+ *      All locking must be provided by the caller.
+ *
+ *      Returns zero on success or %-ENOENT on failure.
+ */
+int raw_notifier_chain_unregister(struct raw_notifier_head *nh,
+                struct notifier_block *n)
+{
+        return notifier_chain_unregister(&nh->head, n);
+}
+EXPORT_SYMBOL_GPL(raw_notifier_chain_unregister);
+/**
+ *      raw_notifier_call_chain - Call functions in a raw notifier chain
+ *      @nh: Pointer to head of the raw notifier chain
+ *      @val: Value passed unmodified to notifier function
+ *      @v: Pointer passed unmodified to notifier function
+ *
+ *      Calls each function in a notifier chain in turn.  The functions
+ *      run in an undefined context.
+ *      All locking must be provided by the caller.
+ *
+ *      If the return value of the notifier can be and'ed
+ *      with %NOTIFY_STOP_MASK then raw_notifier_call_chain
+ *      will return immediately, with the return value of
+ *      the notifier function which halted execution.
+ *      Otherwise the return value is the return value
+ *      of the last notifier function called.
+ */
+int raw_notifier_call_chain(struct raw_notifier_head *nh,
+                unsigned long val, void *v)
+{
+        return notifier_call_chain(&nh->head, val, v);
+}
+EXPORT_SYMBOL_GPL(raw_notifier_call_chain);
 /**
 *      register_reboot_notifier - Register function to be called at reboot time
@@ -196,13 +401,13 @@ EXPORT_SYMBOL(notifier_call_chain);
 *      Registers a function with the list of functions
 *      to be called at reboot time.
 *
- *      Currently always returns zero, as notifier_chain_register
+ *      Currently always returns zero, as blocking_notifier_chain_register
 *      always returns zero.
 */
 
 int register_reboot_notifier(struct notifier_block * nb)
 {
-        return notifier_chain_register(&reboot_notifier_list, nb);
+        return blocking_notifier_chain_register(&reboot_notifier_list, nb);
 }
 EXPORT_SYMBOL(register_reboot_notifier);
@@ -219,23 +424,11 @@ EXPORT_SYMBOL(register_reboot_notifier);
 
 int unregister_reboot_notifier(struct notifier_block * nb)
 {
-        return notifier_chain_unregister(&reboot_notifier_list, nb);
+        return blocking_notifier_chain_unregister(&reboot_notifier_list, nb);
 }
 EXPORT_SYMBOL(unregister_reboot_notifier);
-#ifndef CONFIG_SECURITY
-int capable(int cap)
-{
-        if (cap_raised(current->cap_effective, cap)) {
-               current->flags |= PF_SUPERPRIV;
-               return 1;
-        }
-        return 0;
-}
-EXPORT_SYMBOL(capable);
-#endif
 static int set_one_prio(struct task_struct *p, int niceval, int error)
 {
        int no_nice;
@@ -392,7 +585,7 @@ EXPORT_SYMBOL_GPL(emergency_restart);
 void kernel_restart_prepare(char *cmd)
 {
-        notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd);
+        blocking_notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd);
        system_state = SYSTEM_RESTART;
        device_shutdown();
 }
@@ -442,7 +635,7 @@ EXPORT_SYMBOL_GPL(kernel_kexec);
 void kernel_shutdown_prepare(enum system_states state)
 {
-        notifier_call_chain(&reboot_notifier_list,
+        blocking_notifier_call_chain(&reboot_notifier_list,
                (state == SYSTEM_HALT)?SYS_HALT:SYS_POWER_OFF, NULL);
        system_state = state;
        device_shutdown();
@@ -1009,69 +1202,24 @@ asmlinkage long sys_times(struct tms __user * tbuf)
         */
        if (tbuf) {
                struct tms tmp;
+                struct task_struct *tsk = current;
+                struct task_struct *t;
                cputime_t utime, stime, cutime, cstime;
-#ifdef CONFIG_SMP
+                spin_lock_irq(&tsk->sighand->siglock);
-                if (thread_group_empty(current)) {
+                utime = tsk->signal->utime;
-                        /*
+                stime = tsk->signal->stime;
-                         * Single thread case without the use of any locks.
+                t = tsk;
-                         *
+                do {
-                         * We may race with release_task if two threads are
+                        utime = cputime_add(utime, t->utime);
-                         * executing. However, release task first adds up the
+                        stime = cputime_add(stime, t->stime);
-                         * counters (__exit_signal) before  removing the task
+                        t = next_thread(t);
-                         * from the process tasklist (__unhash_process).
+                } while (t != tsk);
-                         * __exit_signal also acquires and releases the
-                         * siglock which results in the proper memory ordering
-                         * so that the list modifications are always visible
-                         * after the counters have been updated.
-                         *
-                         * If the counters have been updated by the second thread
-                         * but the thread has not yet been removed from the list
-                         * then the other branch will be executing which will
-                         * block on tasklist_lock until the exit handling of the
-                         * other task is finished.
-                         *
-                         * This also implies that the sighand->siglock cannot
-                         * be held by another processor. So we can also
-                         * skip acquiring that lock.
-                         */
-                        utime = cputime_add(current->signal->utime, current->utime);
-                        stime = cputime_add(current->signal->utime, current->stime);
-                        cutime = current->signal->cutime;
-                        cstime = current->signal->cstime;
-                } else
-#endif
-                {
-                        /* Process with multiple threads */
+                cutime = tsk->signal->cutime;
-                        struct task_struct *tsk = current;
+                cstime = tsk->signal->cstime;
-                        struct task_struct *t;
+                spin_unlock_irq(&tsk->sighand->siglock);
-                        read_lock(&tasklist_lock);
-                        utime = tsk->signal->utime;
-                        stime = tsk->signal->stime;
-                        t = tsk;
-                        do {
-                                utime = cputime_add(utime, t->utime);
-                                stime = cputime_add(stime, t->stime);
-                                t = next_thread(t);
-                        } while (t != tsk);
-                        /*
-                         * While we have tasklist_lock read-locked, no dying thread
-                         * can be updating current->signal->[us]time.  Instead,
-                         * we got their counts included in the live thread loop.
-                         * However, another thread can come in right now and
-                         * do a wait call that updates current->signal->c[us]time.
-                         * To make sure we always see that pair updated atomically,
-                         * we take the siglock around fetching them.
-                         */
-                        spin_lock_irq(&tsk->sighand->siglock);
-                        cutime = tsk->signal->cutime;
-                        cstime = tsk->signal->cstime;
-                        spin_unlock_irq(&tsk->sighand->siglock);
-                        read_unlock(&tasklist_lock);
-                }
                tmp.tms_utime = cputime_to_clock_t(utime);
                tmp.tms_stime = cputime_to_clock_t(stime);
                tmp.tms_cutime = cputime_to_clock_t(cutime);
@@ -1227,7 +1375,7 @@ asmlinkage long sys_setsid(void)
        struct pid *pid;
        int err = -EPERM;
-        down(&tty_sem);
+        mutex_lock(&tty_mutex);
        write_lock_irq(&tasklist_lock);
        pid = find_pid(PIDTYPE_PGID, group_leader->pid);
@@ -1241,7 +1389,7 @@ asmlinkage long sys_setsid(void)
        err = process_group(group_leader);
 out:
        write_unlock_irq(&tasklist_lock);
-        up(&tty_sem);
+        mutex_unlock(&tty_mutex);
        return err;
 }
@@ -1375,7 +1523,7 @@ static void groups_sort(struct group_info *group_info)
 /* a simple bsearch */
 int groups_search(struct group_info *group_info, gid_t grp)
 {
-        int left, right;
+        unsigned int left, right;
        if (!group_info)
                return 0;
@@ -1383,7 +1531,7 @@ int groups_search(struct group_info *group_info, gid_t grp)
        left = 0;
        right = group_info->ngroups;
        while (left < right) {
-                int mid = (left+right)/2;
+                unsigned int mid = (left+right)/2;
                int cmp = grp - GROUP_AT(group_info, mid);
                if (cmp > 0)
                        left = mid + 1;
@@ -1433,7 +1581,6 @@ asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist)
                return -EINVAL;
        /* no need to grab task_lock here; it cannot change */
-        get_group_info(current->group_info);
        i = current->group_info->ngroups;
        if (gidsetsize) {
                if (i > gidsetsize) {
@@ -1446,7 +1593,6 @@ asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist)
                }
        }
 out:
-        put_group_info(current->group_info);
        return i;
 }
@@ -1487,9 +1633,7 @@ int in_group_p(gid_t grp)
 {
        int retval = 1;
        if (grp != current->fsgid) {
-                get_group_info(current->group_info);
                retval = groups_search(current->group_info, grp);
-                put_group_info(current->group_info);
        }
        return retval;
 }
@@ -1500,9 +1644,7 @@ int in_egroup_p(gid_t grp)
 {
        int retval = 1;
        if (grp != current->egid) {
-                get_group_info(current->group_info);
                retval = groups_search(current->group_info, grp);
-                put_group_info(current->group_info);
        }
        return retval;
 }
@@ -1630,20 +1772,21 @@ asmlinkage long sys_old_getrlimit(unsigned int resource, struct rlimit __user *r
 asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
 {
        struct rlimit new_rlim, *old_rlim;
+        unsigned long it_prof_secs;
        int retval;
        if (resource >= RLIM_NLIMITS)
                return -EINVAL;
-        if(copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
+        if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
                return -EFAULT;
-       if (new_rlim.rlim_cur > new_rlim.rlim_max)
+        if (new_rlim.rlim_cur > new_rlim.rlim_max)
-               return -EINVAL;
+                return -EINVAL;
        old_rlim = current->signal->rlim + resource;
        if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
            !capable(CAP_SYS_RESOURCE))
                return -EPERM;
        if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > NR_OPEN)
-                        return -EPERM;
+                return -EPERM;
        retval = security_task_setrlimit(resource, &new_rlim);
        if (retval)
@@ -1653,19 +1796,40 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
        *old_rlim = new_rlim;
        task_unlock(current->group_leader);
-        if (resource == RLIMIT_CPU && new_rlim.rlim_cur != RLIM_INFINITY &&
+        if (resource != RLIMIT_CPU)
-            (cputime_eq(current->signal->it_prof_expires, cputime_zero) ||
+                goto out;
-             new_rlim.rlim_cur <= cputime_to_secs(
-                     current->signal->it_prof_expires))) {
+        /*
-                cputime_t cputime = secs_to_cputime(new_rlim.rlim_cur);
+         * RLIMIT_CPU handling.   Note that the kernel fails to return an error
+         * code if it rejected the user's attempt to set RLIMIT_CPU.  This is a
+         * very long-standing error, and fixing it now risks breakage of
+         * applications, so we live with it
+         */
+        if (new_rlim.rlim_cur == RLIM_INFINITY)
+                goto out;
+        it_prof_secs = cputime_to_secs(current->signal->it_prof_expires);
+        if (it_prof_secs == 0 || new_rlim.rlim_cur <= it_prof_secs) {
+                unsigned long rlim_cur = new_rlim.rlim_cur;
+                cputime_t cputime;
+                if (rlim_cur == 0) {
+                        /*
+                         * The caller is asking for an immediate RLIMIT_CPU
+                         * expiry.  But we use the zero value to mean "it was
+                         * never set".  So let's cheat and make it one second
+                         * instead
+                         */
+                        rlim_cur = 1;
+                }
+                cputime = secs_to_cputime(rlim_cur);
                read_lock(&tasklist_lock);
                spin_lock_irq(&current->sighand->siglock);
-                set_process_cpu_timer(current, CPUCLOCK_PROF,
+                set_process_cpu_timer(current, CPUCLOCK_PROF, &cputime, NULL);
-                                      &cputime, NULL);
                spin_unlock_irq(&current->sighand->siglock);
                read_unlock(&tasklist_lock);
        }
+out:
        return 0;
 }
@@ -1677,9 +1841,6 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
 * a lot simpler!  (Which we're not doing right now because we're not
 * measuring them yet).
 *
- * This expects to be called with tasklist_lock read-locked or better,
- * and the siglock not locked.  It may momentarily take the siglock.
- *
 * When sampling multiple threads for RUSAGE_SELF, under SMP we might have
 * races with threads incrementing their own counters.  But since word
 * reads are atomic, we either get new values or old values and we don't
@@ -1687,6 +1848,25 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
 * the c* fields from p->signal from races with exit.c updating those
 * fields when reaping, so a sample either gets all the additions of a
 * given child after it's reaped, or none so this sample is before reaping.
+ *
+ * tasklist_lock locking optimisation:
+ * If we are current and single threaded, we do not need to take the tasklist
+ * lock or the siglock.  No one else can take our signal_struct away,
+ * no one else can reap the children to update signal->c* counters, and
+ * no one else can race with the signal-> fields.
+ * If we do not take the tasklist_lock, the signal-> fields could be read
+ * out of order while another thread was just exiting. So we place a
+ * read memory barrier when we avoid the lock.  On the writer side,
+ * write memory barrier is implied in  __exit_signal as __exit_signal releases
+ * the siglock spinlock after updating the signal-> fields.
+ *
+ * We don't really need the siglock when we access the non c* fields
+ * of the signal_struct (for RUSAGE_SELF) even in multithreaded
+ * case, since we take the tasklist lock for read and the non c* signal->
+ * fields are updated only in __exit_signal, which is called with
+ * tasklist_lock taken for write, hence these two threads cannot execute
+ * concurrently.
+ *
 */
 static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
@@ -1694,13 +1874,23 @@ static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
        struct task_struct *t;
        unsigned long flags;
        cputime_t utime, stime;
+        int need_lock = 0;
        memset((char *) r, 0, sizeof *r);
+        utime = stime = cputime_zero;
-        if (unlikely(!p->signal))
+        if (p != current || !thread_group_empty(p))
-                return;
+                need_lock = 1;
-        utime = stime = cputime_zero;
+        if (need_lock) {
+                read_lock(&tasklist_lock);
+                if (unlikely(!p->signal)) {
+                        read_unlock(&tasklist_lock);
+                        return;
+                }
+        } else
+                /* See locking comments above */
+                smp_rmb();
        switch (who) {
                case RUSAGE_BOTH:
@@ -1740,6 +1930,8 @@ static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
                        BUG();
        }
+        if (need_lock)
+                read_unlock(&tasklist_lock);
        cputime_to_timeval(utime, &r->ru_utime);
        cputime_to_timeval(stime, &r->ru_stime);
 }
@@ -1747,9 +1939,7 @@ static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
 int getrusage(struct task_struct *p, int who, struct rusage __user *ru)
 {
        struct rusage r;
-        read_lock(&tasklist_lock);
        k_getrusage(p, who, &r);
-        read_unlock(&tasklist_lock);
        return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0;
 }