aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Schwidefsky <schwidefsky@de.ibm.com>2005-09-03 18:58:02 -0400
committerLinus Torvalds <torvalds@evo.osdl.org>2005-09-05 03:06:28 -0400
commitb6d09449d53f5aa7c67b1be3e90d7b7ab2aad09c (patch)
tree37386fada73b07e6028b76ed58a9f59215f8de43
parent4c24da79e29537f0e240a331220a1c46cb9bc085 (diff)
[PATCH] s390: pfault interrupt race
There is a race in pfault_interrupt. That function gets called two times for each pfault notification. Once with a subcode of 0 to indicate that a real page is not available and once with a subcode of 0x80 to indicate that the page is present again. Since the two external interrupts can be delivered on two different cpus the order in which the two calls are made is unpredictable. It is possible that the subcode 0x80 interrupt is completed before the subcode 0x00 interrupt has done the wake_up() call. To avoid calling wake_up() on an already removed task structure proper task structure reference counting is needed. Increase the reference counter in the subcode 0x00 interrupt before setting pfault_wait to zero and return the reference after the wake_up call. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--arch/s390/mm/fault.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
index 75fde949d125..856a971759b1 100644
--- a/arch/s390/mm/fault.c
+++ b/arch/s390/mm/fault.c
@@ -563,12 +563,14 @@ pfault_interrupt(struct pt_regs *regs, __u16 error_code)
563 * interrupt. pfault_wait is valid. Set pfault_wait 563 * interrupt. pfault_wait is valid. Set pfault_wait
564 * back to zero and wake up the process. This can 564 * back to zero and wake up the process. This can
565 * safely be done because the task is still sleeping 565 * safely be done because the task is still sleeping
566 * and can't procude new pfaults. */ 566 * and can't produce new pfaults. */
567 tsk->thread.pfault_wait = 0; 567 tsk->thread.pfault_wait = 0;
568 wake_up_process(tsk); 568 wake_up_process(tsk);
569 put_task_struct(tsk);
569 } 570 }
570 } else { 571 } else {
571 /* signal bit not set -> a real page is missing. */ 572 /* signal bit not set -> a real page is missing. */
573 get_task_struct(tsk);
572 set_task_state(tsk, TASK_UNINTERRUPTIBLE); 574 set_task_state(tsk, TASK_UNINTERRUPTIBLE);
573 if (xchg(&tsk->thread.pfault_wait, 1) != 0) { 575 if (xchg(&tsk->thread.pfault_wait, 1) != 0) {
574 /* Completion interrupt was faster than the initial 576 /* Completion interrupt was faster than the initial
@@ -578,6 +580,7 @@ pfault_interrupt(struct pt_regs *regs, __u16 error_code)
578 * mode and can't produce new pfaults. */ 580 * mode and can't produce new pfaults. */
579 tsk->thread.pfault_wait = 0; 581 tsk->thread.pfault_wait = 0;
580 set_task_state(tsk, TASK_RUNNING); 582 set_task_state(tsk, TASK_RUNNING);
583 put_task_struct(tsk);
581 } else 584 } else
582 set_tsk_need_resched(tsk); 585 set_tsk_need_resched(tsk);
583 } 586 }