exec: kill unsafe BUG_ON(sig->count) checks

de_thread: if (atomic_read(&oldsighand->count) <= 1) BUG_ON(atomic_read(&sig->count) != 1); This is not safe without the rmb() in between. The results of two correctly ordered __exit_signal()->atomic_dec_and_test()'s could be seen out of order on our CPU. The same is true for the "thread_group_empty()" case, __unhash_process()'s changes could be seen before atomic_dec_and_test(&sig->count). On some platforms (including i386) atomic_read() doesn't provide even the compiler barrier, in that case these checks are simply racy. Remove these BUG_ON()'s. Alternatively, we can do something like BUG_ON( ({ smp_rmb(); atomic_read(&sig->count) != 1; }) ); Signed-off-by: Oleg Nesterov <[email protected]> Acked-by: Paul E. McKenney <[email protected]> Cc: Roland McGrath <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
kishon · Aug 23, 2007 · abd96ec · abd96ec
1 parent 5c076fc
commit abd96ec
Showing 1 changed file with 0 additions and 3 deletions.
diff --git a/fs/exec.c b/fs/exec.c
@@ -784,7 +784,6 @@ static int de_thread(struct task_struct *tsk)
 	 * and we can just re-use it all.
 	 */
 	if (atomic_read(&oldsighand->count) <= 1) {
-		BUG_ON(atomic_read(&sig->count) != 1);
 		signalfd_detach(tsk);
 		exit_itimers(sig);
 		return 0;
@@ -929,8 +928,6 @@ static int de_thread(struct task_struct *tsk)
 	if (leader)
 		release_task(leader);
 
-	BUG_ON(atomic_read(&sig->count) != 1);
-
 	if (atomic_read(&oldsighand->count) == 1) {
 		/*
 		 * Now that we nuked the rest of the thread group,