[PATCH] Fix potential runqueue deadlock

send_sig_info() has been broken since 2.5.60.

The function can be invoked from a the time interrupt (timer_interrpt ->
do_timer -> update_process_times -> -> update_one_process -> (
do_process_times, do_it_prof, do_it_virt ) -> -> send_sig ->
send_sig_info) but it uses spin_unlock_irq instead of the correct
spin_unlock_irqrestore. 

This enables interrupts, and later scheduler_tick() locks runqueue
(without disabling interrupts).  And if we are unlucky, a new interrupt
comes at this point.  And if this interrupt tries to do wake_up() (like
RTC interrupt does), we will deadlock on runqueue lock :-(

The bug was introduced by signal-fixes-2.5.59-A4, which split the
original send_sig_info into two functions, and in one branch it started
using these unsafe spinlock variants (while the "group" variant uses
irqsave/restore correctly). 

1 files changed, 3 insertions, 2 deletions

diff --git a/kernel/signal.c b/kernel/signal.c
index 8d1eb40394b7..dae415f8785a 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1146,6 +1146,7 @@ int
 send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
 {
 	int ret;
+	unsigned long flags;
 
 	/*
 	 * We need the tasklist lock even for the specific
@@ -1154,9 +1155,9 @@ send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
 	 * going away or changing from under us.
 	 */
 	read_lock(&tasklist_lock);  
-	spin_lock_irq(&p->sighand->siglock);
+	spin_lock_irqsave(&p->sighand->siglock, flags);
 	ret = specific_send_sig_info(sig, info, p);
-	spin_unlock_irq(&p->sighand->siglock);
+	spin_unlock_irqrestore(&p->sighand->siglock, flags);
 	read_unlock(&tasklist_lock);
 	return ret;
 }