author: Kirill Tkhai <ktkhai@parallels.com> 2015-04-16 21:48:01 +0200
committer: Linus Torvalds <torvalds@linux-foundation.org> 2015-04-17 15:04:07 +0200
commit: dfcce791fb0ad06f3f0b745a23160b9d8858fe39
tree: a3c49070946f205a96642688af0daf5cd3c3c432
parent: prctl: avoid using mmap_sem for exe_file serialization
fs/exec.c:de_thread: move notify_count write under lock

We set sig->notify_count = -1 between RELEASE and ACQUIRE operations:

	spin_unlock_irq(lock);
	...
	if (!thread_group_leader(tsk)) {
		...
		for (;;) {
			sig->notify_count = -1;
			write_lock_irq(&tasklist_lock);

There are no restrictions on it so other processors may see this STORE
mixed with other STOREs in both areas limited by the spinlocks.

Probably, it may be reordered with the above

	sig->group_exit_task = tsk;
	sig->notify_count = zap_other_threads(tsk);

in some way.

Set it under tasklist_lock locked to be sure nothing will be reordered.

Signed-off-by: Kirill Tkhai <ktkhai@parallels.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

-rw-r--r-- fs/exec.c 6
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/exec.c b/fs/exec.c
index a5fef835ebc5..02bfd980a40c 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -926,10 +926,14 @@ static int de_thread(struct task_struct *tsk)
if (!thread_group_leader(tsk)) {
struct task_struct *leader = tsk->group_leader;
- sig->notify_count = -1; /* for exit_notify() */
for (;;) {
threadgroup_change_begin(tsk);
write_lock_irq(&tasklist_lock);
+ /*
+ * Do this under tasklist_lock to ensure that
+ * exit_notify() can't miss ->group_exit_task
+ */
+ sig->notify_count = -1;
if (likely(leader->exit_state))
break;
__set_current_state(TASK_KILLABLE);
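
Review bot: The new comment above sig->notify_count = -1 names exit_notify() and ->group_exit_task but does not say which stores are being ordered or what the reader side must hold. Per the commit message, the concern is this store being reordered with the earlier sig->group_exit_task = tsk and sig->notify_count = zap_other_threads(tsk); stating that in the comment, along with the assumption that exit_notify() examines these fields with tasklist_lock held (not visible in this hunk), would make the invariant auditable from the code alone. The assignment also now sits inside the for (;;) loop, so it is repeated after every write_lock_irq(&tasklist_lock) rather than executed once before the loop; that is idempotent, but a word in the comment would stop someone from hoisting it back out as a cleanup.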