Hi there.
A problem was found with the PAGG patch so I decided to re-spin the patch
for 2.6.9 and include the fix.
In a certain unlikely situation in copy_process (fork.c), it was possible
that a child task could be "aborted". Since this aborted task is torn
back down within copy_process itself, do_exit isn't called. Previously,
the only place we called pagg_detach was in the do_exit function. The end
result is that, in this rare situation, pagg_attach was called for the process
but the matching pagg_detach never was.
Using Linux job as an example here, this could mean a "bogus" task is in
a job container and trying to do certain things to that bogus task could
result in system panics since the task is "mostly gone". For example, if
job_killjid tried to signal this bogus task, it would cause a panic (null
pointer dereference) since the signal handler isn't attached to the bogus task
any more.
The fix was to add a pagg_detach call right under bad_fork_cleanup_namespace:
in copy_process.
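The following is an added toy model of the failure mode described above; it is not code from the PAGG patch or from the kernel. It stands in a simplified copy_process() with a goto cleanup ladder, attaches the child to a container early, then aborts at a later step. The names job_container, toy_attach, toy_detach, toy_copy_process, count_dangling and simulate are made up for this illustration; toy_attach/toy_detach play the role of pagg_attach/pagg_detach. With the detach missing from the abort path, the container keeps a pointer to a task that was torn down without ever reaching do_exit, which is exactly what a later job_killjid-style traversal would trip over.

```c
/* Toy model of the attach/detach pairing bug on the copy_process() abort
 * path. Not kernel code: all names here are invented for the example. */
#include <stdio.h>
#include <string.h>

#define MAX_TASKS 8

struct task {
    int pid;
    int alive;              /* 0 once the task has been torn down */
};

struct job_container {
    struct task *members[MAX_TASKS];
    int count;
};

/* Stand-in for pagg_attach(): record the task in the container. */
static int toy_attach(struct job_container *job, struct task *t)
{
    if (job->count >= MAX_TASKS)
        return -1;
    job->members[job->count++] = t;
    return 0;
}

/* Stand-in for pagg_detach(): remove the task from the container. */
static void toy_detach(struct job_container *job, struct task *t)
{
    for (int i = 0; i < job->count; i++) {
        if (job->members[i] == t) {
            job->members[i] = job->members[--job->count];
            return;
        }
    }
}

/* Simplified copy_process(): the attach happens early, and a later step
 * may fail. fail_late != 0 models the rare abort path; with_fix selects
 * whether the cleanup ladder detaches the child before tearing it down.
 * The caller supplies the task storage, so nothing is allocated here. */
static struct task *toy_copy_process(struct job_container *job,
                                     struct task *child, int pid,
                                     int fail_late, int with_fix)
{
    child->pid = pid;
    child->alive = 1;

    if (toy_attach(job, child) < 0)
        goto bad_fork_free;

    if (fail_late)              /* e.g. namespace setup failed */
        goto bad_fork_cleanup_namespace;

    return child;               /* normal fork: child lives on */

bad_fork_cleanup_namespace:
    if (with_fix)
        toy_detach(job, child); /* the fix: balance the earlier attach */
bad_fork_free:
    child->alive = 0;           /* do_exit() is never reached for this task */
    return NULL;
}

/* What a job_killjid-style traversal would encounter: the number of
 * container entries that point at tasks already torn down. Non-zero
 * means a later signal delivery would touch a "mostly gone" task. */
static int count_dangling(const struct job_container *job)
{
    int n = 0;
    for (int i = 0; i < job->count; i++)
        if (!job->members[i]->alive)
            n++;
    return n;
}

/* One successful fork followed by one aborted fork; returns how many
 * dangling members the container is left with. */
static int simulate(int with_fix)
{
    struct job_container job;
    struct task t100, t101;
    memset(&job, 0, sizeof job);
    toy_copy_process(&job, &t100, 100, 0, with_fix);   /* successful fork */
    toy_copy_process(&job, &t101, 101, 1, with_fix);   /* aborted fork */
    return count_dangling(&job);
}

int main(void)
{
    printf("dangling entries without fix: %d\n", simulate(0));
    printf("dangling entries with fix:    %d\n", simulate(1));
    return 0;
}
```

Without the fix, simulate(0) reports one dangling entry (the aborted child is still listed in the container); with the detach added under the cleanup label, simulate(1) reports zero. The general lesson is the one the patch applies: any resource registration done early in a goto-ladder function needs a matching release in the ladder, not only in the normal teardown path (here, do_exit).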
Find the 'linux-2.6.9-pagg.patch' patch at the PAGG web site.
http://oss.sgi.com/projects/pagg/
Click on "Download" on the left.
Thank you.
--
Erik Jacobson - Linux System Software - Silicon Graphics - Eagan, Minnesota