From: Oleg Nesterov <oleg@tv-sign.ru>

de_thread() calls del_timer_sync(->real_timer) under ->sighand->siglock. 
This is deadlockable, it_real_fn sends a signal and needs this lock too.

Also, delete unneeded ->real_timer.data assignment.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/exec.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletion(-)

diff -puN fs/exec.c~fix-de_thread-vs-it_real_fn-deadlock fs/exec.c
--- devel/fs/exec.c~fix-de_thread-vs-it_real_fn-deadlock	2005-09-24 22:45:56.000000000 -0700
+++ devel-akpm/fs/exec.c	2005-09-24 22:45:56.000000000 -0700
@@ -645,8 +645,10 @@ static inline int de_thread(struct task_
 		 * before we can safely let the old group leader die.
 		 */
 		sig->real_timer.data = (unsigned long)current;
+		spin_unlock_irq(lock);
 		if (del_timer_sync(&sig->real_timer))
 			add_timer(&sig->real_timer);
+		spin_lock_irq(lock);
 	}
 	while (atomic_read(&sig->count) > count) {
 		sig->group_exit_task = current;
@@ -658,7 +660,6 @@ static inline int de_thread(struct task_
 	}
 	sig->group_exit_task = NULL;
 	sig->notify_count = 0;
-	sig->real_timer.data = (unsigned long)current;
 	spin_unlock_irq(lock);
 
 	/*
_