diff options
author | Oleg Nesterov <oleg@tv-sign.ru> | 2005-09-07 00:17:42 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-09-08 01:57:33 +0200 |
commit | e752dd6cc66a3e6a11396928998baf390cc00420 (patch) | |
tree | b24b388d80acec6527e66b07f0d308d48319c476 /include/asm-h8300/page_offset.h | |
parent | [PATCH] fix cramfs making duplicate entries in inode cache (diff) | |
download | linux-e752dd6cc66a3e6a11396928998baf390cc00420.tar.xz linux-e752dd6cc66a3e6a11396928998baf390cc00420.zip |
[PATCH] fix send_sigqueue() vs thread exit race
posix_timer_event() first checks that the thread (SIGEV_THREAD_ID case)
does not have PF_EXITING flag, then it calls send_sigqueue() which locks
task list. But if the thread exits in between the kernel will oops
(->sighand == NULL after __exit_sighand).
This patch moves the PF_EXITING check into the send_sigqueue(), it must be
done atomically under tasklist_lock. When send_sigqueue() detects exiting
thread it returns -1. In that case posix_timer_event will send the signal
to thread group.
Also, this patch fixes task_struct use-after-free in posix_timer_event.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/asm-h8300/page_offset.h')
0 files changed, 0 insertions, 0 deletions