diff options
author | akpm@osdl.org <akpm@osdl.org> | 2006-02-01 06:05:10 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-02-01 11:53:13 -0500 |
commit | ff60a5dc4fa584d47022d2533bc5c53b80096fb5 (patch) | |
tree | 230e685e1cf26a9ade0e9446d87d41c503444be3 /kernel/hrtimer.c | |
parent | a16a1c095a2392d49fafea22f3a508e268ef7167 (diff) |
[PATCH] hrtimers: fix posix-timer requeue race
From: Steven Rostedtrostedt@goodmis.org <rostedt@goodmis.org>
CPU0 expires a posix-timer and runs the callback function. The signal is
queued.
After releasing the posix-timer lock and before returning to hrtimer_run_queue
CPU0 gets interrupted. CPU1 delivers the queued signal and rearms the timer.
CPU0 comes back to hrtimer_run_queue and sets the timer state to expired.
The next modification of the timer can result in an oops, because the state
information is wrong.
Keep track of state = RUNNING and check if the state has been in the return
path of hrtimer_run_queue. In case the state has been changed, ignore a
restart request and do not touch the state variable.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel/hrtimer.c')
-rw-r--r-- | kernel/hrtimer.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c index f1c4155b49ac..f580dd9db286 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c | |||
@@ -550,6 +550,7 @@ static inline void run_hrtimer_queue(struct hrtimer_base *base) | |||
550 | fn = timer->function; | 550 | fn = timer->function; |
551 | data = timer->data; | 551 | data = timer->data; |
552 | set_curr_timer(base, timer); | 552 | set_curr_timer(base, timer); |
553 | timer->state = HRTIMER_RUNNING; | ||
553 | __remove_hrtimer(timer, base); | 554 | __remove_hrtimer(timer, base); |
554 | spin_unlock_irq(&base->lock); | 555 | spin_unlock_irq(&base->lock); |
555 | 556 | ||
@@ -565,6 +566,10 @@ static inline void run_hrtimer_queue(struct hrtimer_base *base) | |||
565 | 566 | ||
566 | spin_lock_irq(&base->lock); | 567 | spin_lock_irq(&base->lock); |
567 | 568 | ||
569 | /* Another CPU has added back the timer */ | ||
570 | if (timer->state != HRTIMER_RUNNING) | ||
571 | continue; | ||
572 | |||
568 | if (restart == HRTIMER_RESTART) | 573 | if (restart == HRTIMER_RESTART) |
569 | enqueue_hrtimer(timer, base); | 574 | enqueue_hrtimer(timer, base); |
570 | else | 575 | else |