diff options
| author | akpm@osdl.org <akpm@osdl.org> | 2006-02-01 06:05:10 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-02-01 11:53:13 -0500 |
| commit | ff60a5dc4fa584d47022d2533bc5c53b80096fb5 (patch) | |
| tree | 230e685e1cf26a9ade0e9446d87d41c503444be3 | |
| parent | a16a1c095a2392d49fafea22f3a508e268ef7167 (diff) | |
[PATCH] hrtimers: fix posix-timer requeue race
From: Steven Rostedtrostedt@goodmis.org <rostedt@goodmis.org>
CPU0 expires a posix-timer and runs the callback function. The signal is
queued.
After releasing the posix-timer lock and before returning to hrtimer_run_queue
CPU0 gets interrupted. CPU1 delivers the queued signal and rearms the timer.
CPU0 comes back to hrtimer_run_queue and sets the timer state to expired.
The next modification of the timer can result in an oops, because the state
information is wrong.
Keep track of state = RUNNING and check if the state has been in the return
path of hrtimer_run_queue. In case the state has been changed, ignore a
restart request and do not touch the state variable.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| -rw-r--r-- | include/linux/hrtimer.h | 1 | ||||
| -rw-r--r-- | kernel/hrtimer.c | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h index 089bfb1fa01a..c657f3d4924a 100644 --- a/include/linux/hrtimer.h +++ b/include/linux/hrtimer.h | |||
| @@ -40,6 +40,7 @@ enum hrtimer_restart { | |||
| 40 | enum hrtimer_state { | 40 | enum hrtimer_state { |
| 41 | HRTIMER_INACTIVE, /* Timer is inactive */ | 41 | HRTIMER_INACTIVE, /* Timer is inactive */ |
| 42 | HRTIMER_EXPIRED, /* Timer is expired */ | 42 | HRTIMER_EXPIRED, /* Timer is expired */ |
| 43 | HRTIMER_RUNNING, /* Timer is running the callback function */ | ||
| 43 | HRTIMER_PENDING, /* Timer is pending */ | 44 | HRTIMER_PENDING, /* Timer is pending */ |
| 44 | }; | 45 | }; |
| 45 | 46 | ||
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c index f1c4155b49ac..f580dd9db286 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c | |||
| @@ -550,6 +550,7 @@ static inline void run_hrtimer_queue(struct hrtimer_base *base) | |||
| 550 | fn = timer->function; | 550 | fn = timer->function; |
| 551 | data = timer->data; | 551 | data = timer->data; |
| 552 | set_curr_timer(base, timer); | 552 | set_curr_timer(base, timer); |
| 553 | timer->state = HRTIMER_RUNNING; | ||
| 553 | __remove_hrtimer(timer, base); | 554 | __remove_hrtimer(timer, base); |
| 554 | spin_unlock_irq(&base->lock); | 555 | spin_unlock_irq(&base->lock); |
| 555 | 556 | ||
| @@ -565,6 +566,10 @@ static inline void run_hrtimer_queue(struct hrtimer_base *base) | |||
| 565 | 566 | ||
| 566 | spin_lock_irq(&base->lock); | 567 | spin_lock_irq(&base->lock); |
| 567 | 568 | ||
| 569 | /* Another CPU has added back the timer */ | ||
| 570 | if (timer->state != HRTIMER_RUNNING) | ||
| 571 | continue; | ||
| 572 | |||
| 568 | if (restart == HRTIMER_RESTART) | 573 | if (restart == HRTIMER_RESTART) |
| 569 | enqueue_hrtimer(timer, base); | 574 | enqueue_hrtimer(timer, base); |
| 570 | else | 575 | else |