From: Roland McGrath Date: Tue, 12 Jul 2005 20:58:27 +0000 (-0700) Subject: [PATCH] reset real_timer target on exec leader change X-Git-Tag: firefly_0821_release~42809 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=5323125031799a7fd8602ce150c3902aedfdcba6;p=firefly-linux-kernel-4.4.55.git [PATCH] reset real_timer target on exec leader change When a noninitial thread does exec, it becomes the new group leader. If there is a ITIMER_REAL timer running, it points at the old group leader and when it fires it can follow a stale pointer. The timer data needs to be reset to point at the exec'ing thread that is becoming the group leader. This has to synchronize with any concurrent firing of the timer to make sure that it_real_fn can never run when the data points to a thread that might have been reaped already. Signed-off-by: Roland McGrath Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/exec.c b/fs/exec.c index 48871917d363..222ab1c572d8 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -642,6 +642,18 @@ static inline int de_thread(struct task_struct *tsk) count = 2; if (thread_group_leader(current)) count = 1; + else { + /* + * The SIGALRM timer survives the exec, but needs to point + * at us as the new group leader now. We have a race with + * a timer firing now getting the old leader, so we need to + * synchronize with any firing (by calling del_timer_sync) + * before we can safely let the old group leader die. + */ + sig->real_timer.data = (unsigned long)current; + if (del_timer_sync(&sig->real_timer)) + add_timer(&sig->real_timer); + } while (atomic_read(&sig->count) > count) { sig->group_exit_task = current; sig->notify_count = count;