From 254ebb9b7e5262e1498c070da7027d1bed59de8c Mon Sep 17 00:00:00 2001
From: Yasunori Goto <y-goto@jp.fujitsu.com>
Date: Tue, 17 Jan 2012 17:40:31 +0900
Subject: [PATCH] --- yaml --- r: 287137 b: refs/heads/master c:
 b5740f4b2cb3503b436925eb2242bc3d75cd3dfe h: refs/heads/master i:   287135:
 8fb9c7698bc13bbe720908d60cfbe228cbcf8757 v: v3

---
 [refs]              |  2 +-
 trunk/kernel/exit.c | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 96c2e28ab9cc..be10b3be5408 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 71325960d16cd68ea0e22a8da15b2495b0f363f7
+refs/heads/master: b5740f4b2cb3503b436925eb2242bc3d75cd3dfe
diff --git a/trunk/kernel/exit.c b/trunk/kernel/exit.c
index 294b1709170d..4b4042f9bc6a 100644
--- a/trunk/kernel/exit.c
+++ b/trunk/kernel/exit.c
@@ -1038,6 +1038,22 @@ void do_exit(long code)
 	if (tsk->nr_dirtied)
 		__this_cpu_add(dirty_throttle_leaks, tsk->nr_dirtied);
 	exit_rcu();
+
+	/*
+	 * The setting of TASK_RUNNING by try_to_wake_up() may be delayed
+	 * when the following two conditions become true.
+	 *   - There is race condition of mmap_sem (It is acquired by
+	 *     exit_mm()), and
+	 *   - SMI occurs before setting TASK_RUNINNG.
+	 *     (or hypervisor of virtual machine switches to other guest)
+	 *  As a result, we may become TASK_RUNNING after becoming TASK_DEAD
+	 *
+	 * To avoid it, we have to wait for releasing tsk->pi_lock which
+	 * is held by try_to_wake_up()
+	 */
+	smp_mb();
+	raw_spin_unlock_wait(&tsk->pi_lock);
+
 	/* causes final put_task_struct in finish_task_switch(). */
 	tsk->state = TASK_DEAD;
 	tsk->flags |= PF_NOFREEZE;	/* tell freezer to ignore us */