From: Hugh Dickins <hugh@veritas.com>

The p->signal check in account_system_time is insufficient.  If the timer
interrupt hits near the end of exit_notify, after EXIT_ZOMBIE has been set,
another cpu may release_task (NULLifying p->signal) in between
account_system_time's check and check_rlimit's dereference.  Nor should
account_it_prof risk send_sig.  But surely account_user_time is safe?

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/kernel/sched.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff -puN kernel/sched.c~mm-check_rlimit-oops-on-p-signal kernel/sched.c
--- 25/kernel/sched.c~mm-check_rlimit-oops-on-p-signal	2004-12-03 20:57:11.655866840 -0800
+++ 25-akpm/kernel/sched.c	2004-12-03 20:57:11.661865928 -0800
@@ -2348,8 +2348,7 @@ void account_user_time(struct task_struc
 	p->utime = cputime_add(p->utime, cputime);
 
 	/* Check for signals (SIGVTALRM, SIGPROF, SIGXCPU & SIGKILL). */
-	if (likely(p->signal))
-		check_rlimit(p, cputime);
+	check_rlimit(p, cputime);
 	account_it_virt(p, cputime);
 	account_it_prof(p, cputime);
 
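Review bot: the commit message only asks "surely account_user_time is safe?" but this hunk makes the `check_rlimit(p, cputime)` call unconditional, so the assumption should be stated rather than left as a question. The argument that holds it up is that user time is only accounted for the task currently running in user mode on this cpu, which cannot have passed exit_notify, so its p->signal cannot yet have been released by release_task on another cpu; please spell that out in the changelog or in a one-line comment next to the call, since a later reader seeing a bare dereference of p->signal in check_rlimit will otherwise reinstate the guard.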
@@ -2377,9 +2376,10 @@ void account_system_time(struct task_str
 	p->stime = cputime_add(p->stime, cputime);
 
 	/* Check for signals (SIGPROF, SIGXCPU & SIGKILL). */
-	if (likely(p->signal))
+	if (likely(p->signal && p->exit_state < EXIT_ZOMBIE)) {
 		check_rlimit(p, cputime);
-	account_it_prof(p, cputime);
+		account_it_prof(p, cputime);
+	}
 
 	/* Add system time to cpustat. */
 	tmp = cputime_to_cputime64(cputime);
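Review bot: the new test `p->signal && p->exit_state < EXIT_ZOMBIE` reads both fields without tasklist_lock, so it is only correct because of an ordering that the code does not explain: exit_notify sets EXIT_ZOMBIE on the task itself before release_task on another cpu can NULL p->signal, and this accounting runs from the tick on the cpu that task is executing on, so observing exit_state below EXIT_ZOMBIE here means the task has not yet reached the point where release_task is possible. Please add a comment to that effect above the `if`, otherwise the check looks like it merely narrows the race window described in the changelog. Also note that `account_it_prof(p, cputime)` is now skipped for a zombie along with `check_rlimit`, which matches the "Nor should account_it_prof risk send_sig" point in the description; the comment on the line above the `if` still reads as if only the rlimit check is being guarded and could mention that both calls are skipped.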
_