GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-04-02 04:24:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[PATCH] Fix cpu timers exit deadlock and races

Browse source 
Oleg Nesterov reported an SMP deadlock.  If there is a running timer
tracking a different process's CPU time clock when the process owning
the timer exits, we deadlock on tasklist_lock in posix_cpu_timer_del via
exit_itimers.

That code was using tasklist_lock to check for a race with __exit_signal
being called on the timer-target task and clearing its ->signal.
However, there is actually no such race.  __exit_signal will have called
posix_cpu_timers_exit and posix_cpu_timers_exit_group before it does
that.  Those will clear those k_itimer's association with the dying
task, so posix_cpu_timer_del will return early and never reach the code
in question.

In addition, posix_cpu_timer_del called from exit_itimers during execve
or directly from timer_delete in the process owning the timer can race
with an exiting timer-target task to cause a double put on timer-target
task struct.  Make sure we always access cpu_timers lists with sighand
lock held.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Roland McGrath 2005-10-19 22:21:23 -07:00 committed by Linus Torvalds
parent 3359b54c8c
commit e03d13e985
1 changed files with 11 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
kernel/posix-cpu-timers.c
View file

@ -387,25 +387,19 @@ int posix_cpu_timer_del(struct k_itimer *timer)
if (unlikely(p == NULL)) if (unlikely(p == NULL))
return 0; return 0;
spin_lock(&p->sighand->siglock);
if (!list_empty(&timer->it.cpu.entry)) { if (!list_empty(&timer->it.cpu.entry)) {
read_lock(&tasklist_lock); /*
if (unlikely(p->signal == NULL)) { * Take us off the task's timer list. We don't need to
/* * take tasklist_lock and check for the task being reaped.
* We raced with the reaping of the task. * If it was reaped, it already called posix_cpu_timers_exit
* The deletion should have cleared us off the list. * and posix_cpu_timers_exit_group to clear all the timers
*/ * that pointed to it.
BUG_ON(!list_empty(&timer->it.cpu.entry)); */
} else { list_del(&timer->it.cpu.entry);
/* put_task_struct(p);
* Take us off the task's timer list.
*/
spin_lock(&p->sighand->siglock);
list_del(&timer->it.cpu.entry);
spin_unlock(&p->sighand->siglock);
}
read_unlock(&tasklist_lock);
} }
put_task_struct(p); spin_unlock(&p->sighand->siglock);
return 0; return 0;
} }