Re: [maybe fixed.. i hope i hope i hope] Re: snipe hunt

From: Andrea Arcangeli (andrea@suse.de)
Date: Thu May 04 2000 - 05:45:12 EST


[ cc'ed to l-k since it's relevant ]

On Tue, 2 May 2000, Mike Galbraith wrote:

>I'm currently testing the below.. maybe not correct, but bug is still
>silent (so far).

Great spotting Mike! :)

>
>--- linux-2.3.99pre7-1.ikd/fs/proc/base.c.org Tue May 2 06:29:35 2000
>+++ linux-2.3.99pre7-1.ikd/fs/proc/base.c Tue May 2 06:22:27 2000
>@@ -70,6 +70,7 @@
> mm = task->mm;
> if (!mm)
> goto out;
>+ atomic_inc(&mm->mm_users);
> down(&mm->mmap_sem);
> vma = mm->mmap;
> while (vma) {
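Review bot: the `atomic_inc(&mm->mm_users)` added here does not handle the case where `mm_users` has already reached zero, which is exactly the state the exiting task leaves the mm in while it tears it down; bumping a counter that is already at zero gives this reader no safe reference and may extend the life of an mm that is in the middle of being freed. Holding `task_lock(task)` at this point only guarantees `task` stays around, not that `task->mm` is still live. The reference should be taken in a way that fails when the count is already zero, or the mm pointer should be detached under the same lock that this reader holds, so that `if (!mm) goto out;` is the only path a dying mm can take.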
>@@ -83,6 +84,7 @@
> vma = vma->vm_next;
> }
> up(&mm->mmap_sem);
>+ mmput(mm);
> out:
> task_unlock(task);
> return result;
>
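Review bot: the `mmput(mm)` is placed before `out:` and so still inside the `task_lock(task)` region; if this reader's reference turns out to be the last one, the final teardown of the address space runs under that lock. `mmput()` should be moved after `task_unlock(task)` (on the path that took the reference only, since the `!mm` path jumps past it), and its placement must match whichever reference-acquisition scheme is finally chosen for the first hunk.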

I think that's not the correct fix though because there's probably still a
window for a race if you happen to increase the mmap_sem when it was just
zero (too late). I had a very fast look so I may be missing something but
what do you think about this other below untested approach? It seems the
task_lock() is there exactly to make sure the task won't go away from
under us but it wasn't protecting the mm reference by mistake.

Patch against 2.3.99-pre7-pre3:

--- 2.3.99-pre7-pre3/kernel/exit.c Thu Apr 27 17:56:45 2000
+++ /tmp/exit.c Thu May 4 12:33:51 2000
@@ -430,11 +430,11 @@
         acct_process(code);
 #endif
         sem_exit();
+ task_lock(tsk);
         __exit_mm(tsk);
         __exit_files(tsk);
         __exit_fs(tsk);
         __exit_sighand(tsk);
- task_lock(tsk);
         exit_thread();
         tsk->state = TASK_ZOMBIE;
         tsk->exit_code = code;
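Review bot: moving `task_lock(tsk)` above `__exit_mm(tsk)` makes the lock cover `__exit_mm`, `__exit_files`, `__exit_fs` and `__exit_sighand` in full, not just the detaching of the pointers. `task_lock()` is a spinlock, and the last-reference path of `__exit_mm()` (dropping the address space) and the file closing done by `__exit_files()` can block, so this hunk risks sleeping with a spinlock held. The narrower form is to take `task_lock(tsk)` only around clearing `tsk->mm` (and the other pointers) and then release it before the reference drops that do the real teardown; that still gives a reader holding `task_lock()` a consistent view of `task->mm`, which is the property this patch is after.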

Andrea

This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:14 EST