Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 962b564c authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Linus Torvalds
Browse files

[PATCH] fix do_wait() vs exec() race 



When non-leader thread does exec, de_thread adds old leader to the init's
->children list in EXIT_ZOMBIE state and drops tasklist_lock.

This means that release_task(leader) in de_thread() is racy vs do_wait()
from init task.

I think de_thread() should set old leader's state to EXIT_DEAD instead.

Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
Cc: george anzinger <george@mvista.com>
Cc: Roland Dreier <rolandd@cisco.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 8bf1101b

fs/exec.c

+4 −4
Original line number Diff line number Diff line
@@ -668,7 +668,7 @@ static inline int de_thread(struct task_struct *tsk) 
	if (!thread_group_leader(current)) {

		struct task_struct *parent;

		struct dentry *proc_dentry1, *proc_dentry2;

		unsigned long exit_state, ptrace;

		unsigned long ptrace;



		/*

		 * Wait for the thread group leader to be a zombie.
@@ -726,15 +726,15 @@ static inline int de_thread(struct task_struct *tsk) 
		list_del(&current->tasks);

		list_add_tail(&current->tasks, &init_task.tasks);

		current->exit_signal = SIGCHLD;

		exit_state = leader->exit_state;



		BUG_ON(leader->exit_state != EXIT_ZOMBIE);

		leader->exit_state = EXIT_DEAD;



		write_unlock_irq(&tasklist_lock);

		spin_unlock(&leader->proc_lock);

		spin_unlock(&current->proc_lock);

		proc_pid_flush(proc_dentry1);

		proc_pid_flush(proc_dentry2);



		BUG_ON(exit_state != EXIT_ZOMBIE);

        }



	/*