Linus Torvalds wrote:
>On Sun, 16 Feb 2003, Manfred Spraul wrote:
>
>
>>What about this minimal patch? The performance critical operation is
>>signal delivery - we should fix the synchronization between signal
>>delivery and exec first.
>>
>>
>
>Ok, I committed this alternative change, which isn't quite as minimal, but
>looks a lot cleaner to me.
>
>Also, looking at execve() and other paths, we do seem to have sufficient
>protection from the tasklist_lock that signal delivery should be fine. So
>despite a long and confused thread, I think in the end the only real bug
>was the one Martin found which should be thus fixed..
>
>
I'm not convinced that exec is correct.
app with two threads, cloned sighand and sig structures.
thread one does exec().
thread two does exit().
Now we can arrive at no_thread_group in de_thread() and
tsk->sig{,hand}->count == 1.
>no_thread_group:
>
> write_lock_irq(&tasklist_lock);
> spin_lock(&oldsighand->siglock);
> spin_lock(&newsighand->siglock);
>
> if (current == oldsig->curr_target)
> oldsig->curr_target = next_thread(current);
>
signal sender: in send_sig_info().
reads tsk->signal. blocks on tsk->sighand->siglock.
> if (newsig)
> current->signal = newsig;
> current->sighand = newsighand;
> init_sigpending(¤t->pending);
> recalc_sigpending();
>
> spin_unlock(&newsighand->siglock);
> spin_unlock(&oldsighand->siglock);
> write_unlock_irq(&tasklist_lock);
>
> if (newsig && atomic_dec_and_test(&oldsig->count))
> kmem_cache_free(signal_cachep, oldsig);
>
> if (atomic_dec_and_test(&oldsighand->count))
> kmem_cache_free(sighand_cachep, oldsighand);
>
>
And now the signal sender continues. BOOM.
sighand structure, sig structure already kfreed, etc.
--
Manfred
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Feb 23 2003 - 22:00:16 EST