git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Alexander Nyberg <alexn@telia.com>
	Wed, 14 Sep 2005 16:54:06 +0000 (18:54 +0200)
committer	Chris Wright <chrisw@osdl.org>
	Mon, 3 Oct 2005 23:27:17 +0000 (16:27 -0700)
commit	99e56fc6ee51c66c0d248c6dea7a45d70e15604e
tree	97d1735bbe313d1cb6865034b92523627241cc41	tree \| snapshot
parent	ef1b2a3b4cd1addfe039a4bb8105098d83bd6503	commit \| diff

[PATCH] Fix fs/exec.c:788 (de_thread()) BUG_ON

It turns out that the BUG_ON() in fs/exec.c: de_thread() is unreliable
and can trigger due to the test itself being racy.

de_thread() does
while (atomic_read(&sig->count) > count) {
}
.....
.....
BUG_ON(!thread_group_empty(current));

but release_task does
write_lock_irq(&tasklist_lock)
__exit_signal
(this is where atomic_dec(&sig->count) is run)
__exit_sighand
__unhash_process
takes write lock on tasklist_lock
remove itself out of PIDTYPE_TGID list
write_unlock_irq(&tasklist_lock)

so there's a clear (although small) window between the
atomic_dec(&sig->count) and the actual PIDTYPE_TGID unhashing of the
thread.

And actually there is no need for all threads to have exited at this
point, so we simply kill the BUG_ON.

Big thanks to Marc Lehmann who provided the test-case.

Fixes Bug 5170 (http://bugme.osdl.org/show_bug.cgi?id=5170)

Signed-off-by: Alexander Nyberg <alexn@telia.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>