From: "Eric W. Biederman" <ebiederm@xmission.com> mainline inclusion from mainline-v5.6 commit b95e31c07c5eb4f5c0769f12b38b0343d7961040 category: bugfix bugzilla: 32426 CVE: NA ------------------------ The reasons why the extra posix_cpu_timers_exit_group() invocation has been added are not entirely clear from the commit message. Today all that posix_cpu_timers_exit_group() does is stop timers that are tracking the task from firing. Every other operation on those timers is still allowed. The practical implication of this is posix_cpu_timer_del() which could not get the siglock after the thread group leader has exited (because sighand == NULL) would be able to run successfully because the timer was already dequeued. With that locking issue fixed there is no point in disabling all of the timers. So remove this ``tempoary'' hack. Fixes: e0a70217107e ("posix-cpu-timers: workaround to suppress the problems with mt exec") Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/87o8tityzs.fsf@x220.int.ebiederm.org Reviewed-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- kernel/exit.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/kernel/exit.c b/kernel/exit.c index 08e1ec2584aa2..378fdc19a1fbb 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -102,17 +102,8 @@ static void __exit_signal(struct task_struct *tsk) #ifdef CONFIG_POSIX_TIMERS posix_cpu_timers_exit(tsk); - if (group_dead) { + if (group_dead) posix_cpu_timers_exit_group(tsk); - } else { - /* - * This can only happen if the caller is de_thread(). - * FIXME: this is the temporary hack, we should teach - * posix-cpu-timers to handle this case correctly. - */ - if (unlikely(has_group_leader_pid(tsk))) - posix_cpu_timers_exit_group(tsk); - } #endif if (group_dead) { -- 2.25.1