Commit 8f17fc20 authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Linus Torvalds

[PATCH] check_process_timers: fix possible lockup

If the local timer interrupt happens just after do_exit() sets PF_EXITING
(and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call
check_process_timers() with tasklist_lock + ->siglock held and

	check_process_timers:

		t = tsk;
		do {
			....

			do {
				t = next_thread(t);
			} while (unlikely(t->flags & PF_EXITING));
		} while (t != tsk);

the outer loop will never stop.

Actually, the window is bigger.  Another process can attach the timer
after ->it_xxx_expires was cleared (see the next commit) and the 'if
(PF_EXITING)' check in arm_timer() is racy (see the one after that).
Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 88d11360
...@@ -1173,6 +1173,9 @@ static void check_process_timers(struct task_struct *tsk, ...@@ -1173,6 +1173,9 @@ static void check_process_timers(struct task_struct *tsk,
} }
t = tsk; t = tsk;
do { do {
if (unlikely(t->flags & PF_EXITING))
continue;
ticks = cputime_add(cputime_add(t->utime, t->stime), ticks = cputime_add(cputime_add(t->utime, t->stime),
prof_left); prof_left);
if (!cputime_eq(prof_expires, cputime_zero) && if (!cputime_eq(prof_expires, cputime_zero) &&
...@@ -1193,11 +1196,7 @@ static void check_process_timers(struct task_struct *tsk, ...@@ -1193,11 +1196,7 @@ static void check_process_timers(struct task_struct *tsk,
t->it_sched_expires > sched)) { t->it_sched_expires > sched)) {
t->it_sched_expires = sched; t->it_sched_expires = sched;
} }
} while ((t = next_thread(t)) != tsk);
do {
t = next_thread(t);
} while (unlikely(t->flags & PF_EXITING));
} while (t != tsk);
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment