author | Oleg Nesterov <oleg@tv-sign.ru> | 2005-06-28 23:44:47 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-06-29 00:20:30 -0400 |
commit | f01b1b0baa454825ed95c28d2a6a71bbf4510836 (patch) | |
tree | 6a7dda617cdb79933780b841429e67ec7c908d52 | |
parent | b36bbb6c3d5244eaf52241ec69f79494137f2db0 (diff) |
[PATCH] ITIMER_REAL: fix possible deadlock and race
As Steven Rostedt pointed out, there are 2 problems with ITIMER_REAL
timers.
1. do_setitimer() does not call del_timer_sync() in case
when the timer is not pending (it_real_value() returns 0).
This is wrong, the timer may still be running, and it can
rearm itself.
2. It calls del_timer_sync() with tsk->sighand->siglock held.
This is deadlockable, because timer's handler needs this
lock too.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | kernel/itimer.c | 8 |
1 files changed, 6 insertions, 2 deletions
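--- a/kernel/itimer.c
+++ b/kernel/itimer.c
@@ -153,11 +153,15 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
 
 switch (which) {
 case ITIMER_REAL:
+again:
 spin_lock_irq(&tsk->sighand->siglock);
 interval = tsk->signal->it_real_incr;
 val = it_real_value(tsk->signal);
-if (val)
-del_timer_sync(&tsk->signal->real_timer);
+/* We are sharing ->siglock with it_real_fn() */
+if (try_to_del_timer_sync(&tsk->signal->real_timer) < 0) {
+spin_unlock_irq(&tsk->sighand->siglock);
+goto again;
+}
 tsk->signal->it_real_incr =
 timeval_to_jiffies(&value->it_interval);
 it_real_arm(tsk, timeval_to_jiffies(&value->it_value));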
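Review bot: The comment `/* We are sharing ->siglock with it_real_fn() */` above the `try_to_del_timer_sync()` call does not explain why the blocking `del_timer_sync()` cannot be used here, nor why the lock is dropped before `goto again`. I would spell out the invariant, e.g. `/* it_real_fn() takes ->siglock, so we must not wait for it with del_timer_sync() while holding the lock; drop it and retry */`, so that a later cleanup does not reintroduce the deadlock. The retry path also jumps straight back to `spin_lock_irq()` with no pause while the handler is presumably still running on another CPU; a `cpu_relax();` before `goto again;` is worth considering. do_setitimer() begins above this hunk and the `switch` continues below it, so the other timer cases are not visible here.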