Attachment #46481 for bug #91434

View | Details | Raw Unified | Return to bug 91434
Collapse All | Expand All




 [PATCH] reset real_timer target on exec leader change
 
 When a noninitial thread does exec, it becomes the new group leader.  If
 there is a ITIMER_REAL timer running, it points at the old group leader and
 when it fires it can follow a stale pointer.  The timer data needs to be
 reset to point at the exec'ing thread that is becoming the group leader.
 This has to synchronize with any concurrent firing of the timer to make
 sure that it_real_fn can never run when the data points to a thread that
 might have been reaped already.
 
 Signed-off-by: Roland McGrath <roland@redhat.com>
 Signed-off-by: Andrew Morton <akpm@osdl.org>
 Signed-off-by: Linus Torvalds <torvalds@osdl.org>
++ b/fs/exec.c
-- a/fs/exec.c

	count = 2;
	if (thread_group_leader(current))
		count = 1;
	else {
		/*
		 * The SIGALRM timer survives the exec, but needs to point
		 * at us as the new group leader now.  We have a race with
		 * a timer firing now getting the old leader, so we need to
		 * synchronize with any firing (by calling del_timer_sync)
		 * before we can safely let the old group leader die.
		 */
		sig->real_timer.data = (unsigned long)current;
		if (del_timer_sync(&sig->real_timer))
			add_timer(&sig->real_timer);
	}
	while (atomic_read(&sig->count) > count) {
		sig->group_exit_task = current;
		sig->notify_count = count;

Return to bug 91434

Line Link Here

(-)file_not_specified_in_diff (-2 / +13 lines)
	[PATCH] reset real_timer target on exec leader change		[PATCH] reset real_timer target on exec leader change
1		1
2	When a noninitial thread does exec, it becomes the new group leader. If	2	When a noninitial thread does exec, it becomes the new group leader. If
3	there is a ITIMER_REAL timer running, it points at the old group leader and	3	there is a ITIMER_REAL timer running, it points at the old group leader and
4	when it fires it can follow a stale pointer. The timer data needs to be	4	when it fires it can follow a stale pointer. The timer data needs to be
5	reset to point at the exec'ing thread that is becoming the group leader.	5	reset to point at the exec'ing thread that is becoming the group leader.
6	This has to synchronize with any concurrent firing of the timer to make	6	This has to synchronize with any concurrent firing of the timer to make
7	sure that it_real_fn can never run when the data points to a thread that	7	sure that it_real_fn can never run when the data points to a thread that
8	might have been reaped already.	8	might have been reaped already.
9		9
10	Signed-off-by: Roland McGrath <roland@redhat.com>	10	Signed-off-by: Roland McGrath <roland@redhat.com>
11	Signed-off-by: Andrew Morton <akpm@osdl.org>	11	Signed-off-by: Andrew Morton <akpm@osdl.org>
12	Signed-off-by: Linus Torvalds <torvalds@osdl.org>	12	Signed-off-by: Linus Torvalds <torvalds@osdl.org>
13	--	13	++ b/fs/exec.c
14	-- a/fs/exec.c
Lines 642-647 static inline int de_thread(struct task_ Link Here
642	count = 2;	642	count = 2;
643	if (thread_group_leader(current))	643	if (thread_group_leader(current))
644	count = 1;	644	count = 1;
		645	else {
		646	/*
		647	* The SIGALRM timer survives the exec, but needs to point
		648	* at us as the new group leader now. We have a race with
		649	* a timer firing now getting the old leader, so we need to
		650	* synchronize with any firing (by calling del_timer_sync)
		651	* before we can safely let the old group leader die.
		652	*/
		653	sig->real_timer.data = (unsigned long)current;
		654	if (del_timer_sync(&sig->real_timer))
		655	add_timer(&sig->real_timer);
		656	}
645	while (atomic_read(&sig->count) > count) {	657	while (atomic_read(&sig->count) > count) {
646	sig->group_exit_task = current;	658	sig->group_exit_task = current;
647	sig->notify_count = count;	659	sig->notify_count = count;