task->signal->notify_count is only initialized if
task->signal->group_exit_task is not NULL.  Reorder a conditional so
that uninitialised memory is not used.  Found by Valgrind.

Signed-off-by: Steve VanDeBogart <vandebo-lkml@nerdbox.net>
---

Index: linux/kernel/exit.c
===================================================================
--- linux.orig/kernel/exit.c	2008-08-06 09:19:01.000000000 -0700
+++ linux/kernel/exit.c	2008-08-23 15:21:34.000000000 -0700
@@ -883,8 +883,8 @@

  	/* mt-exec, de_thread() is waiting for us */
  	if (thread_group_leader(tsk) &&
-	    tsk->signal->notify_count < 0 &&
-	    tsk->signal->group_exit_task)
+	    tsk->signal->group_exit_task &&
+	    tsk->signal->notify_count < 0)
  		wake_up_process(tsk->signal->group_exit_task);

  	write_unlock_irq(&tasklist_lock);
--

[ message continues ]

Applied the commit below to tip/core/urgent, thanks. Roland/Oleg, do you 
concur with the fix?

nice find btw. - are you running Valgrind on UML?

	Ingo
--

[ message continues ]

Inho, very nice cleanup.

Minor comment. As Roland pointed out, it makes sense to initialize
the whole signal_struct explicitely, perhaps copy_signal() should
just use zalloc. In that case we don't need to check ->group_exit_task
at all, the same for __exit_signal().

Thanks Steve! and what do you think about the above?

Oleg.

--

[ message continues ]

It looks like that would work.  Seems that
sig->count == 0 && sig->group_exit_task != NULL can never be true.
If it does work, a lot of initialization in copy_signal() can be
removed and it would reduce the chances that a similar problem would be
reintroduced.  I would submit a patch, but I'm not sure how to trigger
those code paths in order to test it.

--
Steve
--

[ message continues ]

I'd suggest to make 2 patches. The first one adds "->notify_count = 0"
to copy_signal() and removes "->group_exit_task != NULL" checks. The
second one changes copy_signal() to use zalloc.

BTW, I forgot to mention that you can kill the "thread_group_leader()"
check in exit_notify() too.

Oleg.

--

[ message continues ]

Thanks.  Yes, I am running Valgrind on UML.  I revisited the previous 
patches that allowed it and tried to remove any unnecessary changes.
The patches and a recipe on how to make it work can be found on the
UML wiki: http://uml.jfdi.org/uml/Wiki.jsp?page=ValgrindingUML

I'll stir up trouble by posting the kernel patches on lkml after a
little more cleanup.

--
Steve
--

[ message continues ]