author | Oleg Nesterov <oleg@tv-sign.ru> | 2006-06-15 20:11:15 +0400 |
---|---|---|
committer | Chris Wright <chrisw@sous-sol.org> | 2006-06-20 01:54:52 -0700 |
commit | 5705264e83bd9f8918895d8f5ddddbdeb062c719 (patch) | |
tree | 11ba63a74fb0907ee686c1c30cd58d95b0f4e555 | |
parent | ad325de56677938d8c58b376e1d7813b50527263 (diff) | |
[PATCH] check_process_timers: fix possible lockup
If the local timer interrupt happens just after do_exit() sets PF_EXITING
(and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call
check_process_timers() with tasklist_lock + ->siglock held and
check_process_timers:
    t = tsk;
    do {
        ....
        do {
            t = next_thread(t);
        } while (unlikely(t->flags & PF_EXITING));
    } while (t != tsk);
the outer loop will never stop.
Actually, the window is bigger. Another process can attach the timer
after ->it_xxx_expires was cleared (see the next commit) and the 'if
(PF_EXITING)' check in arm_timer() is racy (see the one after that).
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-rw-r--r-- | kernel/posix-cpu-timers.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c index 520f6c59948d..9d9169aa2e24 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c @@ -1173,6 +1173,9 @@ static void check_process_timers(struct task_struct *tsk, } t = tsk; do { + if (unlikely(t->flags & PF_EXITING)) + continue; + ticks = cputime_add(cputime_add(t->utime, t->stime), prof_left); if (!cputime_eq(prof_expires, cputime_zero) && @@ -1193,11 +1196,7 @@ static void check_process_timers(struct task_struct *tsk, t->it_sched_expires > sched)) { t->it_sched_expires = sched; } - - do { - t = next_thread(t); - } while (unlikely(t->flags & PF_EXITING)); - } while (t != tsk); + } while ((t = next_thread(t)) != tsk); } } |
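Review bot: the PF_EXITING test added at the top of the loop body in the first hunk (@@ -1173,6 +1173,9 @@) carries no comment, and its `continue` is only safe because a `continue` inside do/while jumps to the loop condition, which the second hunk changes to advance t. A one-line comment saying that exiting threads are skipped and that the while condition performs the advance would keep a later edit, one that moves `t = next_thread(t)` back into the body, from turning this into a spin on the same thread.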
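Review bot: in the second hunk (@@ -1193,11 +1196,7 @@) the new terminator `} while ((t = next_thread(t)) != tsk);` is where the lockup is actually fixed, because every thread, exiting or not, is now compared against tsk, yet nothing at the loop says so. The removed inner loop looked like a harmless skip, so a short comment explaining why the skip must not happen in the advance step would help. The hunk also does not state that the thread list is stable during the walk; the commit message says tasklist_lock and ->siglock are held by the caller, and noting that above the loop would make the termination invariant checkable from the code alone.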