task->signal->notify_count is only initialized if
task->signal->group_exit_task is not NULL. Reorder a conditional so
that uninitialised memory is not used. Found by Valgrind.
Signed-off-by: Steve VanDeBogart <[email protected]>
---
Index: linux/kernel/exit.c
===================================================================
--- linux.orig/kernel/exit.c 2008-08-06 09:19:01.000000000 -0700
+++ linux/kernel/exit.c 2008-08-23 15:21:34.000000000 -0700
@@ -883,8 +883,8 @@
/* mt-exec, de_thread() is waiting for us */
if (thread_group_leader(tsk) &&
- tsk->signal->notify_count < 0 &&
- tsk->signal->group_exit_task)
+ tsk->signal->group_exit_task &&
+ tsk->signal->notify_count < 0)
wake_up_process(tsk->signal->group_exit_task);
write_unlock_irq(&tasklist_lock);
* Steve VanDeBogart <[email protected]> wrote:
> task->signal->notify_count is only initialized if
> task->signal->group_exit_task is not NULL. Reorder a conditional so
> that uninitialised memory is not used. Found by Valgrind.
>
> Signed-off-by: Steve VanDeBogart <[email protected]>
Applied the commit below to tip/core/urgent, thanks. Roland/Oleg, do you
concur with the fix?
nice find btw. - are you running Valgrind on UML?
Ingo
On 08/27, Ingo Molnar wrote:
>
> * Steve VanDeBogart <[email protected]> wrote:
>
> > task->signal->notify_count is only initialized if
> > task->signal->group_exit_task is not NULL. Reorder a conditional so
> > that uninitialised memory is not used. Found by Valgrind.
> >
> > Signed-off-by: Steve VanDeBogart <[email protected]>
>
> Applied the commit below to tip/core/urgent, thanks. Roland/Oleg, do you
> concur with the fix?
Inho, very nice cleanup.
Minor comment. As Roland pointed out, it makes sense to initialize
the whole signal_struct explicitely, perhaps copy_signal() should
just use zalloc. In that case we don't need to check ->group_exit_task
at all, the same for __exit_signal().
Thanks Steve! and what do you think about the above?
Oleg.
On Wed, 27 Aug 2008, Ingo Molnar wrote:
>
> * Steve VanDeBogart <[email protected]> wrote:
>
>> task->signal->notify_count is only initialized if
>> task->signal->group_exit_task is not NULL. Reorder a conditional so
>> that uninitialised memory is not used. Found by Valgrind.
>>
>> Signed-off-by: Steve VanDeBogart <[email protected]>
>
> Applied the commit below to tip/core/urgent, thanks. Roland/Oleg, do you
> concur with the fix?
>
> nice find btw. - are you running Valgrind on UML?
Thanks. Yes, I am running Valgrind on UML. I revisited the previous
patches that allowed it and tried to remove any unnecessary changes.
The patches and a recipe on how to make it work can be found on the
UML wiki: http://uml.jfdi.org/uml/Wiki.jsp?page=ValgrindingUML
I'll stir up trouble by posting the kernel patches on lkml after a
little more cleanup.
--
Steve
On Wed, 27 Aug 2008, Oleg Nesterov wrote:
>> * Steve VanDeBogart <[email protected]> wrote:
>>
>>> task->signal->notify_count is only initialized if
>>> task->signal->group_exit_task is not NULL. Reorder a conditional so
>>> that uninitialised memory is not used. Found by Valgrind.
>
> Minor comment. As Roland pointed out, it makes sense to initialize
> the whole signal_struct explicitely, perhaps copy_signal() should
> just use zalloc. In that case we don't need to check ->group_exit_task
> at all, the same for __exit_signal().
>
> Thanks Steve! and what do you think about the above?
It looks like that would work. Seems that
sig->count == 0 && sig->group_exit_task != NULL can never be true.
If it does work, a lot of initialization in copy_signal() can be
removed and it would reduce the chances that a similar problem would be
reintroduced. I would submit a patch, but I'm not sure how to trigger
those code paths in order to test it.
--
Steve
On 08/27, Steve VanDeBogart wrote:
>
> It looks like that would work. Seems that
> sig->count == 0 && sig->group_exit_task != NULL can never be true.
> If it does work, a lot of initialization in copy_signal() can be
> removed and it would reduce the chances that a similar problem would be
> reintroduced. I would submit a patch, but I'm not sure how to trigger
> those code paths in order to test it.
I'd suggest to make 2 patches. The first one adds "->notify_count = 0"
to copy_signal() and removes "->group_exit_task != NULL" checks. The
second one changes copy_signal() to use zalloc.
BTW, I forgot to mention that you can kill the "thread_group_leader()"
check in exit_notify() too.
Oleg.