| 7383e370 |
1 | Fixes dereference of already freed signal structs on conn_table_entry traversal. |
| 2 | (removal of "tsk == sig->curr_target" comparison in a case of 1-element |
| 3 | process group caused to apply gr_del_task_from_ip_table(tsk) hunk to be |
| 4 | applied in wrong place, where struct signal is still kept, not where it |
| 5 | is freed) |
| 6 | --- linux-2.6.16/kernel/signal.c.orig 2007-07-14 12:16:07.661313000 +0200 |
| 7 | +++ linux-2.6.16/kernel/signal.c 2007-07-14 13:40:35.919325560 +0200 |
| 8 | @@ -367,6 +367,7 @@ |
| 9 | posix_cpu_timers_exit(tsk); |
| 10 | if (atomic_dec_and_test(&sig->count)) { |
| 11 | posix_cpu_timers_exit_group(tsk); |
| 12 | + gr_del_task_from_ip_table(tsk); |
| 13 | tsk->signal = NULL; |
| 14 | __exit_sighand(tsk); |
| 15 | spin_unlock(&sighand->siglock); |
| 16 | @@ -382,7 +383,6 @@ |
| 17 | } |
| 18 | if (tsk == sig->curr_target) |
| 19 | sig->curr_target = next_thread(tsk); |
| 20 | - gr_del_task_from_ip_table(tsk); |
| 21 | tsk->signal = NULL; |
| 22 | /* |
| 23 | * Accumulate here the counters for all threads but the |
projects / packages / kernel.git / blame