From 4ada856fb0ee62f6fe3aac3de726deac0640d929 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov Date: Wed, 26 May 2010 14:43:17 -0700 Subject: [PATCH] signals: clear signal->tty when the last thread exits When the last thread exits signal->tty is freed, but the pointer is not cleared and points to nowhere. This is OK. Nobody should use signal->tty lockless, and it is no longer possible to take ->siglock. However this looks wrong even if correct, and the nice OOPS is better than subtle and hard to find bugs. Change __exit_signal() to clear signal->tty under ->siglock. Note: __exit_signal() needs more cleanups. It should not check "sig != NULL" to detect the all-dead case and we have the same issues with signal->stats. Signed-off-by: Oleg Nesterov Cc: Alan Cox Cc: Ingo Molnar Acked-by: Peter Zijlstra Acked-by: Roland McGrath Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- kernel/exit.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/exit.c b/kernel/exit.c index 92af5cde9bbe..356d91fa095f 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -80,6 +80,7 @@ static void __exit_signal(struct task_struct *tsk) { struct signal_struct *sig = tsk->signal; struct sighand_struct *sighand; + struct tty_struct *uninitialized_var(tty); BUG_ON(!sig); BUG_ON(!atomic_read(&sig->count)); @@ -93,6 +94,8 @@ static void __exit_signal(struct task_struct *tsk) posix_cpu_timers_exit(tsk); if (thread_group_leader(tsk)) { posix_cpu_timers_exit_group(tsk); + tty = sig->tty; + sig->tty = NULL; } else { /* * If there is any task waiting for the group exit @@ -147,7 +150,7 @@ static void __exit_signal(struct task_struct *tsk) * see account_group_exec_runtime(). */ task_rq_unlock_wait(tsk); - tty_kref_put(sig->tty); + tty_kref_put(tty); } } -- 2.20.1