[PATCH] fix de_thread() vs do_coredump() deadlock

From: Oleg Nesterov
Date: Thu Oct 13 2005 - 11:55:14 EST

Next message: Ben Dooks: "[PATCH] drivers/base - fix sparse warnings"
Previous message: Ananiev, Leonid I: "[PATCH 1/1] indirect function calls elimination in IO eliminate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

de_thread() sends SIGKILL to all sub-threads and
waits them to die in 'D' state. It is possible that
one of the threads already dequeued coredump signal.
When de_thread() unlocks ->sighand->lock that thread
can enter do_coredump()->coredump_wait() and cause a
deadlock.

Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>

--- 2.6.14-rc4/fs/exec.c~ 2005-09-21 21:08:33.000000000 +0400
+++ 2.6.14-rc4/fs/exec.c 2005-10-14 00:19:19.000000000 +0400
@@ -1468,11 +1468,21 @@ int do_coredump(long signr, int exit_cod
current->fsuid = 0; /* Dump root private */
}
mm->dumpable = 0;
- init_completion(&mm->core_done);
+
+ retval = -EAGAIN;
spin_lock_irq(&current->sighand->siglock);
- current->signal->flags = SIGNAL_GROUP_EXIT;
- current->signal->group_exit_code = exit_code;
+ if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
+ current->signal->flags = SIGNAL_GROUP_EXIT;
+ current->signal->group_exit_code = exit_code;
+ retval = 0;
+ }
spin_unlock_irq(&current->sighand->siglock);
+ if (retval) {
+ up_write(&mm->mmap_sem);
+ goto fail;
+ }
+
+ init_completion(&mm->core_done);
coredump_wait(mm);

/*
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ben Dooks: "[PATCH] drivers/base - fix sparse warnings"
Previous message: Ananiev, Leonid I: "[PATCH 1/1] indirect function calls elimination in IO eliminate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]