> I don't think this can work. context->siginfo can be cleared and then
> set again in between. If we race with SIGKILL, utrace_get_signal()
> can dequeue another signal != SIGKILL and start the reporting loop.
That's not supposed to be possible. See "sigset_t sigkill_only;" et al.
I guess it is possible when it's an earlier utrace_stop() that is what's
broken by SIGKILL. Then utrace_get_signal() is entered when SIGKILL is
pending. It should have a fatal_signal_pending() check earlier then. We
really want it to be ironclad that when UTRACE_STOP is broken the only
meaningful thing that can happen is do_group_exit(SIGKILL).

> I thought about
>
> 	*info = *context_info;
> 	rmb();
> 	if (fatal_signal_pending(tracee))
> 		return -ERR;
>
> But I think it is better to do these cleanups after V1.

Agreed.

Thanks,
Roland