diff options
author | Bodo Stroesser <bstroesser@fujitsu-siemens.com> | 2005-05-07 00:30:54 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-05-07 01:09:30 -0400 |
commit | 0f7e663dea7f0e22f3b2d07156c5e9d2e8656610 (patch) | |
tree | 669450b10e1677d3ea65aa7695a7834f791ce329 /arch/um | |
parent | b8bd0220c1ac6273eda66e25d992654219f846b6 (diff) |
[PATCH] uml: Fix process exit race
tt-mode closes switch_pipes in exit_thread_tt and kills processes in
switch_to_tt, if the exit_state is EXIT_DEAD or EXIT_ZOMBIE.
In very rare cases the exiting process can be scheduled out after having set
exit_state and closed switch_pipes (from release_task it calls proc_pid_flush,
which might sleep). If this process is to be restarted, UML failes in
switch_to_tt with:
write of switch_pipe failed, err = 9
We fix this by closing switch_pipes not in exit_thread_tt, but later in
release_thread_tt. Additionally, we set switch_pipe[0] = 0 after closing.
switch_to_tt must not kill "from" process depending on its exit_state, but
must kill it after release_thread was processed only, so it examines
switch_pipe[0] for its decision.
Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com>
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch/um')
-rw-r--r-- | arch/um/kernel/process_kern.c | 1 | ||||
-rw-r--r-- | arch/um/kernel/skas/include/mode_kern-skas.h | 1 | ||||
-rw-r--r-- | arch/um/kernel/skas/process_kern.c | 4 | ||||
-rw-r--r-- | arch/um/kernel/tt/include/mode_kern-tt.h | 1 | ||||
-rw-r--r-- | arch/um/kernel/tt/process_kern.c | 20 |
5 files changed, 11 insertions, 16 deletions
diff --git a/arch/um/kernel/process_kern.c b/arch/um/kernel/process_kern.c index 3dcb080c44a0..c1adf7ba3fd1 100644 --- a/arch/um/kernel/process_kern.c +++ b/arch/um/kernel/process_kern.c | |||
@@ -142,7 +142,6 @@ void release_thread(struct task_struct *task) | |||
142 | 142 | ||
143 | void exit_thread(void) | 143 | void exit_thread(void) |
144 | { | 144 | { |
145 | CHOOSE_MODE(exit_thread_tt(), exit_thread_skas()); | ||
146 | unprotect_stack((unsigned long) current_thread); | 145 | unprotect_stack((unsigned long) current_thread); |
147 | } | 146 | } |
148 | 147 | ||
diff --git a/arch/um/kernel/skas/include/mode_kern-skas.h b/arch/um/kernel/skas/include/mode_kern-skas.h index 94c564962378..e48490028111 100644 --- a/arch/um/kernel/skas/include/mode_kern-skas.h +++ b/arch/um/kernel/skas/include/mode_kern-skas.h | |||
@@ -18,7 +18,6 @@ extern int copy_thread_skas(int nr, unsigned long clone_flags, | |||
18 | unsigned long sp, unsigned long stack_top, | 18 | unsigned long sp, unsigned long stack_top, |
19 | struct task_struct *p, struct pt_regs *regs); | 19 | struct task_struct *p, struct pt_regs *regs); |
20 | extern void release_thread_skas(struct task_struct *task); | 20 | extern void release_thread_skas(struct task_struct *task); |
21 | extern void exit_thread_skas(void); | ||
22 | extern void initial_thread_cb_skas(void (*proc)(void *), void *arg); | 21 | extern void initial_thread_cb_skas(void (*proc)(void *), void *arg); |
23 | extern void init_idle_skas(void); | 22 | extern void init_idle_skas(void); |
24 | extern void flush_tlb_kernel_range_skas(unsigned long start, | 23 | extern void flush_tlb_kernel_range_skas(unsigned long start, |
diff --git a/arch/um/kernel/skas/process_kern.c b/arch/um/kernel/skas/process_kern.c index 5d096ea63b97..ab5d3271da0b 100644 --- a/arch/um/kernel/skas/process_kern.c +++ b/arch/um/kernel/skas/process_kern.c | |||
@@ -83,10 +83,6 @@ void release_thread_skas(struct task_struct *task) | |||
83 | { | 83 | { |
84 | } | 84 | } |
85 | 85 | ||
86 | void exit_thread_skas(void) | ||
87 | { | ||
88 | } | ||
89 | |||
90 | void fork_handler(int sig) | 86 | void fork_handler(int sig) |
91 | { | 87 | { |
92 | change_sig(SIGUSR1, 1); | 88 | change_sig(SIGUSR1, 1); |
diff --git a/arch/um/kernel/tt/include/mode_kern-tt.h b/arch/um/kernel/tt/include/mode_kern-tt.h index 28aaab3448fa..e0ca0e0b2516 100644 --- a/arch/um/kernel/tt/include/mode_kern-tt.h +++ b/arch/um/kernel/tt/include/mode_kern-tt.h | |||
@@ -19,7 +19,6 @@ extern int copy_thread_tt(int nr, unsigned long clone_flags, unsigned long sp, | |||
19 | unsigned long stack_top, struct task_struct *p, | 19 | unsigned long stack_top, struct task_struct *p, |
20 | struct pt_regs *regs); | 20 | struct pt_regs *regs); |
21 | extern void release_thread_tt(struct task_struct *task); | 21 | extern void release_thread_tt(struct task_struct *task); |
22 | extern void exit_thread_tt(void); | ||
23 | extern void initial_thread_cb_tt(void (*proc)(void *), void *arg); | 22 | extern void initial_thread_cb_tt(void (*proc)(void *), void *arg); |
24 | extern void init_idle_tt(void); | 23 | extern void init_idle_tt(void); |
25 | extern void flush_tlb_kernel_range_tt(unsigned long start, unsigned long end); | 24 | extern void flush_tlb_kernel_range_tt(unsigned long start, unsigned long end); |
diff --git a/arch/um/kernel/tt/process_kern.c b/arch/um/kernel/tt/process_kern.c index f19f7c18febe..df810ca8fc12 100644 --- a/arch/um/kernel/tt/process_kern.c +++ b/arch/um/kernel/tt/process_kern.c | |||
@@ -65,8 +65,7 @@ void *switch_to_tt(void *prev, void *next, void *last) | |||
65 | panic("write of switch_pipe failed, err = %d", -err); | 65 | panic("write of switch_pipe failed, err = %d", -err); |
66 | 66 | ||
67 | reading = 1; | 67 | reading = 1; |
68 | if((from->exit_state == EXIT_ZOMBIE) || | 68 | if(from->thread.mode.tt.switch_pipe[0] == -1) |
69 | (from->exit_state == EXIT_DEAD)) | ||
70 | os_kill_process(os_getpid(), 0); | 69 | os_kill_process(os_getpid(), 0); |
71 | 70 | ||
72 | err = os_read_file(from->thread.mode.tt.switch_pipe[0], &c, sizeof(c)); | 71 | err = os_read_file(from->thread.mode.tt.switch_pipe[0], &c, sizeof(c)); |
@@ -81,8 +80,7 @@ void *switch_to_tt(void *prev, void *next, void *last) | |||
81 | * in case it has not already killed itself. | 80 | * in case it has not already killed itself. |
82 | */ | 81 | */ |
83 | prev_sched = current->thread.prev_sched; | 82 | prev_sched = current->thread.prev_sched; |
84 | if((prev_sched->exit_state == EXIT_ZOMBIE) || | 83 | if(prev_sched->thread.mode.tt.switch_pipe[0] == -1) |
85 | (prev_sched->exit_state == EXIT_DEAD)) | ||
86 | os_kill_process(prev_sched->thread.mode.tt.extern_pid, 1); | 84 | os_kill_process(prev_sched->thread.mode.tt.extern_pid, 1); |
87 | 85 | ||
88 | change_sig(SIGVTALRM, vtalrm); | 86 | change_sig(SIGVTALRM, vtalrm); |
@@ -101,14 +99,18 @@ void release_thread_tt(struct task_struct *task) | |||
101 | { | 99 | { |
102 | int pid = task->thread.mode.tt.extern_pid; | 100 | int pid = task->thread.mode.tt.extern_pid; |
103 | 101 | ||
102 | /* | ||
103 | * We first have to kill the other process, before | ||
104 | * closing its switch_pipe. Else it might wake up | ||
105 | * and receive "EOF" before we could kill it. | ||
106 | */ | ||
104 | if(os_getpid() != pid) | 107 | if(os_getpid() != pid) |
105 | os_kill_process(pid, 0); | 108 | os_kill_process(pid, 0); |
106 | } | ||
107 | 109 | ||
108 | void exit_thread_tt(void) | 110 | os_close_file(task->thread.mode.tt.switch_pipe[0]); |
109 | { | 111 | os_close_file(task->thread.mode.tt.switch_pipe[1]); |
110 | os_close_file(current->thread.mode.tt.switch_pipe[0]); | 112 | /* use switch_pipe as flag: thread is released */ |
111 | os_close_file(current->thread.mode.tt.switch_pipe[1]); | 113 | task->thread.mode.tt.switch_pipe[0] = -1; |
112 | } | 114 | } |
113 | 115 | ||
114 | void suspend_new_thread(int fd) | 116 | void suspend_new_thread(int fd) |