From: Oleg Nesterov <oleg@tv-sign.ru>
Date: Sun, 30 Oct 2005 23:02:54 +0000 (-0800)
Subject: [PATCH] fix de_thread() vs do_coredump() deadlock
X-Git-Tag: v2.6.15-rc1~59^2~15^2~64
X-Git-Url: http://ftp.safe.ca/?a=commitdiff_plain;h=1291cf4163d21f1b4999d697cbf68d38e7151c28;p=safe%2Fjmp%2Flinux-2.6

[PATCH] fix de_thread() vs do_coredump() deadlock

de_thread() sends SIGKILL to all sub-threads and waits them to die in 'D'
state.  It is possible that one of the threads already dequeued coredump
signal.  When de_thread() unlocks ->sighand->lock that thread can enter
do_coredump()->coredump_wait() and cause a deadlock.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

diff --git a/fs/exec.c b/fs/exec.c
index 6d95216..10d493f 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1460,11 +1460,21 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
 		current->fsuid = 0;	/* Dump root private */
 	}
 	mm->dumpable = 0;
-	init_completion(&mm->core_done);
+
+	retval = -EAGAIN;
 	spin_lock_irq(&current->sighand->siglock);
-	current->signal->flags = SIGNAL_GROUP_EXIT;
-	current->signal->group_exit_code = exit_code;
+	if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
+		current->signal->flags = SIGNAL_GROUP_EXIT;
+		current->signal->group_exit_code = exit_code;
+		retval = 0;
+	}
 	spin_unlock_irq(&current->sighand->siglock);
+	if (retval) {
+		up_write(&mm->mmap_sem);
+		goto fail;
+	}
+
+	init_completion(&mm->core_done);
 	coredump_wait(mm);
 
 	/*