On Thu, Aug 11, 2005 at 04:16:53PM +0400, Oleg Nesterov wrote:
> Paul E. McKenney wrote:
> >
> > --- linux-2.6.13-rc6/kernel/signal.c 2005-08-08 19:59:24.000000000 -0700
> > +++ linux-2.6.13-rc6-tasklistRCU/kernel/signal.c 2005-08-10 08:20:25.000000000 -0700
> > @@ -1151,9 +1151,13 @@ int group_send_sig_info(int sig, struct
> >
> > ret = check_kill_permission(sig, info, p);
> > if (!ret && sig && p->sighand) {
> > + if (!get_task_struct_rcu(p)) {
> > + return -ESRCH;
> > + }
> > spin_lock_irqsave(&p->sighand->siglock, flags);
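Review bot: p->sighand is tested on the "if (!ret && sig && p->sighand)" line and then read a second time for spin_lock_irqsave(&p->sighand->siglock, flags), and the added get_task_struct_rcu(p) check sits between those two reads without visibly doing anything to keep ->sighand itself stable. Suggest reading p->sighand once into a local, locking through that local, and comparing it against p->sighand again once the lock is held, or documenting which lock the caller must hold at this point. The quoted part of the hunk also does not show the release that pairs with a successful get_task_struct_rcu(), and the braces around the single "return -ESRCH;" can be dropped.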
> ^^^^^^^
> Is it correct?
>
> The caller (kill_proc_info) does not take tasklist_lock anymore.
> If p does exec() at this time it can change/free its ->sighand.
>
> fs/exec.c:de_thread()
> 773 write_lock_irq(&tasklist_lock);
> 774 spin_lock(&oldsighand->siglock);
> 775 spin_lock(&newsighand->siglock);
> 776
> 777 current->sighand = newsighand;
> 778 recalc_sigpending();
> 779
> 780 spin_unlock(&newsighand->siglock);
> 781 spin_unlock(&oldsighand->siglock);
> 782 write_unlock_irq(&tasklist_lock);
> 783
> 784 if (atomic_dec_and_test(&oldsighand->count))
> 785 kmem_cache_free(sighand_cachep, oldsighand);
Looks suspicious to me! ;-) Will look into this one, thank you for
pointing it out!
Thanx, Paul
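Added example (not from this thread or the kernel tree): a single-threaded C model of the window Oleg describes, next to a lock-then-recheck pattern that closes it. All names are hypothetical, and the model assumes the old sighand's memory stays readable after exec releases it.

```c
#include <stddef.h>

/* Constructed userspace model, single-threaded; not kernel code. */
struct sighand { int locked; int freed; };
struct task { struct sighand *sighand; };

static struct sighand old_sh, new_sh;   /* constructed sample objects */
static int retries;

/* Models the quoted de_thread() lines: switch ->sighand, then release the
 * old one. "freed" stands in for kmem_cache_free(); the memory staying
 * readable is the assumption the recheck below depends on. */
void model_exec(struct task *t)
{
    t->sighand = &new_sh;
    old_sh.freed = 1;
}

/* Racy: locks whatever pointer was read before exec ran. */
struct sighand *lock_sighand_racy(struct task *t, int exec_races)
{
    struct sighand *sh = t->sighand;
    if (exec_races)
        model_exec(t);      /* the window: after the read, before the lock */
    sh->locked = 1;
    return sh;              /* may be the released object */
}

/* Recheck: once the lock is held, confirm ->sighand still points here.
 * de_thread() switches the pointer while holding the old siglock, so a
 * match under the lock means the pointer cannot change until unlock. */
struct sighand *lock_sighand_checked(struct task *t, int exec_races)
{
    for (;;) {
        struct sighand *sh = t->sighand;
        if (sh == NULL)
            return NULL;
        if (exec_races) {
            model_exec(t);
            exec_races = 0;
        }
        sh->locked = 1;     /* stands in for spin_lock(&sh->siglock) */
        if (sh == t->sighand)
            return sh;      /* still current: safe to use */
        sh->locked = 0;     /* stale: unlock and retry */
        retries++;
    }
}
```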