mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-08 06:03:24 +00:00
exec: kill unsafe BUG_ON(sig->count) checks
de_thread: if (atomic_read(&oldsighand->count) <= 1) BUG_ON(atomic_read(&sig->count) != 1); This is not safe without the rmb() in between. The results of two correctly ordered __exit_signal()->atomic_dec_and_test()'s could be seen out of order on our CPU. The same is true for the "thread_group_empty()" case, __unhash_process()'s changes could be seen before atomic_dec_and_test(&sig->count). On some platforms (including i386) atomic_read() doesn't provide even the compiler barrier, in that case these checks are simply racy. Remove these BUG_ON()'s. Alternatively, we can do something like BUG_ON( ({ smp_rmb(); atomic_read(&sig->count) != 1; }) ); Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
5c076fce2e
commit
abd96ecb29
@ -784,7 +784,6 @@ static int de_thread(struct task_struct *tsk)
|
||||
* and we can just re-use it all.
|
||||
*/
|
||||
if (atomic_read(&oldsighand->count) <= 1) {
|
||||
BUG_ON(atomic_read(&sig->count) != 1);
|
||||
signalfd_detach(tsk);
|
||||
exit_itimers(sig);
|
||||
return 0;
|
||||
@ -929,8 +928,6 @@ static int de_thread(struct task_struct *tsk)
|
||||
if (leader)
|
||||
release_task(leader);
|
||||
|
||||
BUG_ON(atomic_read(&sig->count) != 1);
|
||||
|
||||
if (atomic_read(&oldsighand->count) == 1) {
|
||||
/*
|
||||
* Now that we nuked the rest of the thread group,
|
||||
|
Loading…
Reference in New Issue
Block a user