    [PATCH] Fix cpu timers exit deadlock and races · e03d13e9
    Roland McGrath authored
    Oleg Nesterov reported an SMP deadlock.  If there is a running timer
    tracking a different process's CPU time clock when the process owning
    the timer exits, we deadlock on tasklist_lock in posix_cpu_timer_del via
    exit_itimers.
    
    That code was using tasklist_lock to check for a race with __exit_signal
    being called on the timer-target task and clearing its ->signal.
    However, there is actually no such race.  __exit_signal will have called
    posix_cpu_timers_exit and posix_cpu_timers_exit_group before it does
    that.  Those will clear those k_itimer's association with the dying
    task, so posix_cpu_timer_del will return early and never reach the code
    in question.
    
    In addition, posix_cpu_timer_del called from exit_itimers during execve
    or directly from timer_delete in the process owning the timer can race
    with an exiting timer-target task to cause a double put on timer-target
    task struct.  Make sure we always access cpu_timers lists with sighand
    lock held.
    Signed-off-by: Roland McGrath <roland@redhat.com>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
posix-cpu-timers.c 40.9 KB
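The double put described in the commit message, as a simplified userspace model added here for illustration; it is not code from the kernel or from this patch. `struct task`, `struct timer`, `struct view`, `target_exit` and `locked_del` are hypothetical names, and each function body stands for one critical section under the sighand lock.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for task_struct and k_itimer; not kernel code. */
struct task  { int refs; };
struct timer { struct task *target; bool linked; }; /* linked: on target's cpu_timers list */
struct view  { struct task *target; bool linked; }; /* what an unlocked reader saw */

static void put_task(struct task *t) { t->refs--; }

/* Target exiting, one critical section: detach timer, drop the ref it held. */
static void target_exit(struct timer *tm)
{
    if (!tm->target || !tm->linked) return;
    put_task(tm->target);
    tm->linked = false;
    tm->target = NULL;
}

/* Deletion with the check and the unlink inside one critical section. */
static void locked_del(struct timer *tm)
{
    if (!tm->target) return;            /* association cleared: return early */
    if (tm->linked) { tm->linked = false; put_task(tm->target); }
}

/* Racy deletion. refs starts at 2: the task's own ref plus the timer's. */
int refs_after_racy(void)
{
    struct task t = { 2 }; struct timer tm = { &t, true };
    struct view seen = { tm.target, tm.linked }; /* deleter looks without the lock */
    target_exit(&tm);                            /* target exits in between */
    if (seen.target && seen.linked)              /* deleter acts on stale state */
        put_task(seen.target);                   /* second put on the same task */
    return t.refs;
}

int refs_after_locked(bool exit_first)
{
    struct task t = { 2 }; struct timer tm = { &t, true };
    if (exit_first) { target_exit(&tm); locked_del(&tm); }
    else            { locked_del(&tm); target_exit(&tm); }
    return t.refs;
}

int main(void)
{
    printf("racy=%d locked=%d/%d\n", refs_after_racy(), refs_after_locked(true), refs_after_locked(false));
}
```

In the racy ordering the count reaches 0 while the task still believes it holds its own reference; with check and unlink serialized, exactly one put happens in either order.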