diff options
author | Oleg Nesterov <oleg@tv-sign.ru> | 2006-06-15 12:11:43 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-17 13:52:13 -0400 |
commit | 30f1e3dd8c72abda343bcf415f7d8894a02b4290 (patch) | |
tree | 68ef326814e3b8e6ba0159cc451cef4b71695ea3 /kernel/posix-cpu-timers.c | |
parent | 8f17fc20bfb75bcec4cfeda789738979c8338fdc (diff) |
[PATCH] run_posix_cpu_timers: remove a bogus BUG_ON()
do_exit() clears ->it_##clock##_expires, but nothing prevents
another cpu to attach the timer to exiting process after that.
arm_timer() tries to protect against this race, but the check
is racy.
After exit_notify() does 'write_unlock_irq(&tasklist_lock)' and
before do_exit() calls 'schedule() local timer interrupt can find
tsk->exit_state != 0. If that state was EXIT_DEAD (or another cpu
does sys_wait4) interrupted task has ->signal == NULL.
At this moment exiting task has no pending cpu timers, they were
cleanuped in __exit_signal()->posix_cpu_timers_exit{,_group}(),
so we can just return from irq.
John Stultz recently confirmed this bug, see
http://marc.theaimsgroup.com/?l=linux-kernel&m=115015841413687
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel/posix-cpu-timers.c')
-rw-r--r-- | kernel/posix-cpu-timers.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c index 9d9169aa2e24..4882bf1e094a 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c | |||
@@ -1288,30 +1288,30 @@ void run_posix_cpu_timers(struct task_struct *tsk) | |||
1288 | 1288 | ||
1289 | #undef UNEXPIRED | 1289 | #undef UNEXPIRED |
1290 | 1290 | ||
1291 | BUG_ON(tsk->exit_state); | ||
1292 | |||
1293 | /* | 1291 | /* |
1294 | * Double-check with locks held. | 1292 | * Double-check with locks held. |
1295 | */ | 1293 | */ |
1296 | read_lock(&tasklist_lock); | 1294 | read_lock(&tasklist_lock); |
1297 | spin_lock(&tsk->sighand->siglock); | 1295 | if (likely(tsk->signal != NULL)) { |
1296 | spin_lock(&tsk->sighand->siglock); | ||
1298 | 1297 | ||
1299 | /* | 1298 | /* |
1300 | * Here we take off tsk->cpu_timers[N] and tsk->signal->cpu_timers[N] | 1299 | * Here we take off tsk->cpu_timers[N] and tsk->signal->cpu_timers[N] |
1301 | * all the timers that are firing, and put them on the firing list. | 1300 | * all the timers that are firing, and put them on the firing list. |
1302 | */ | 1301 | */ |
1303 | check_thread_timers(tsk, &firing); | 1302 | check_thread_timers(tsk, &firing); |
1304 | check_process_timers(tsk, &firing); | 1303 | check_process_timers(tsk, &firing); |
1305 | 1304 | ||
1306 | /* | 1305 | /* |
1307 | * We must release these locks before taking any timer's lock. | 1306 | * We must release these locks before taking any timer's lock. |
1308 | * There is a potential race with timer deletion here, as the | 1307 | * There is a potential race with timer deletion here, as the |
1309 | * siglock now protects our private firing list. We have set | 1308 | * siglock now protects our private firing list. We have set |
1310 | * the firing flag in each timer, so that a deletion attempt | 1309 | * the firing flag in each timer, so that a deletion attempt |
1311 | * that gets the timer lock before we do will give it up and | 1310 | * that gets the timer lock before we do will give it up and |
1312 | * spin until we've taken care of that timer below. | 1311 | * spin until we've taken care of that timer below. |
1313 | */ | 1312 | */ |
1314 | spin_unlock(&tsk->sighand->siglock); | 1313 | spin_unlock(&tsk->sighand->siglock); |
1314 | } | ||
1315 | read_unlock(&tasklist_lock); | 1315 | read_unlock(&tasklist_lock); |
1316 | 1316 | ||
1317 | /* | 1317 | /* |