authorOleg Nesterov <oleg@tv-sign.ru>2006-06-15 12:11:15 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-17 13:52:13 -0400
commit8f17fc20bfb75bcec4cfeda789738979c8338fdc (patch)
treeec84c5222de58b4d26507c892d0b8f828a6dce7e
parent88d113601ca19c82feb038438c8c5db502d146f9 (diff)
[PATCH] check_process_timers: fix possible lockup
If the local timer interrupt happens just after do_exit() sets PF_EXITING (and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call check_process_timers() with tasklist_lock + ->siglock held and check_process_timers: t = tsk; do { .... do { t = next_thread(t); } while (unlikely(t->flags & PF_EXITING)); } while (t != tsk); the outer loop will never stop. Actually, the window is bigger. Another process can attach the timer after ->it_xxx_expires was cleared (see the next commit) and the 'if (PF_EXITING)' check in arm_timer() is racy (see the one after that). Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--kernel/posix-cpu-timers.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
index 520f6c59948d..9d9169aa2e24 100644
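--- a/kernel/posix-cpu-timers.c
+++ b/kernel/posix-cpu-timers.c
@@ -1173,6 +1173,9 @@ static void check_process_timers(struct task_struct *tsk,
  }
  t = tsk;
  do {
+ if (unlikely(t->flags & PF_EXITING))
+ continue;
+
  ticks = cputime_add(cputime_add(t->utime, t->stime),
  prof_left);
  if (!cputime_eq(prof_expires, cputime_zero) &&
@@ -1193,11 +1196,7 @@ static void check_process_timers(struct task_struct *tsk,
  t->it_sched_expires > sched)) {
  t->it_sched_expires = sched;
  }
-
- do {
- t = next_thread(t);
- } while (unlikely(t->flags & PF_EXITING));
- } while (t != tsk);
+ } while ((t = next_thread(t)) != tsk);
  }
 }
 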
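Review bot: The `continue` at new lines 1176-1177 is only safe because `continue` in a `do { } while ()` jumps to the controlling expression, where `t = next_thread(t)` now lives (new line 1199), and nothing in the code says so. Per the commit message this loop runs with tasklist_lock and ->siglock held, so a later refactor that moves the advance back into the loop body would silently restore the lockup. I would add a comment above the check, e.g. `/* Skip exiting threads; 'continue' still evaluates the while() condition, which advances t. */`. check_process_timers() begins before the first hunk, so the rest of the function is not visible here.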