tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

[PATCH] uml: Fix process exit race

tt-mode closes switch_pipes in exit_thread_tt and kills processes in
switch_to_tt, if the exit_state is EXIT_DEAD or EXIT_ZOMBIE.

In very rare cases the exiting process can be scheduled out after having set
exit_state and closed switch_pipes (from release_task it calls proc_pid_flush,
which might sleep). If this process is to be restarted, UML failes in
switch_to_tt with:

write of switch_pipe failed, err = 9

We fix this by closing switch_pipes not in exit_thread_tt, but later in
release_thread_tt. Additionally, we set switch_pipe[0] = 0 after closing.
switch_to_tt must not kill "from" process depending on its exit_state, but
must kill it after release_thread was processed only, so it examines
switch_pipe[0] for its decision.

Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com>
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by

Bodo Stroesser and committed by
Linus Torvalds 0f7e663d b8bd0220

+11 -16
-1
arch/um/kernel/process_kern.c
··· 142 142 143 143 void exit_thread(void) 144 144 { 145 - CHOOSE_MODE(exit_thread_tt(), exit_thread_skas()); 146 145 unprotect_stack((unsigned long) current_thread); 147 146 } 148 147
-1
arch/um/kernel/skas/include/mode_kern-skas.h
··· 18 18 unsigned long sp, unsigned long stack_top, 19 19 struct task_struct *p, struct pt_regs *regs); 20 20 extern void release_thread_skas(struct task_struct *task); 21 - extern void exit_thread_skas(void); 22 21 extern void initial_thread_cb_skas(void (*proc)(void *), void *arg); 23 22 extern void init_idle_skas(void); 24 23 extern void flush_tlb_kernel_range_skas(unsigned long start,
-4
arch/um/kernel/skas/process_kern.c
··· 83 83 { 84 84 } 85 85 86 - void exit_thread_skas(void) 87 - { 88 - } 89 - 90 86 void fork_handler(int sig) 91 87 { 92 88 change_sig(SIGUSR1, 1);
-1
arch/um/kernel/tt/include/mode_kern-tt.h
··· 19 19 unsigned long stack_top, struct task_struct *p, 20 20 struct pt_regs *regs); 21 21 extern void release_thread_tt(struct task_struct *task); 22 - extern void exit_thread_tt(void); 23 22 extern void initial_thread_cb_tt(void (*proc)(void *), void *arg); 24 23 extern void init_idle_tt(void); 25 24 extern void flush_tlb_kernel_range_tt(unsigned long start, unsigned long end);
+11 -9
arch/um/kernel/tt/process_kern.c
··· 65 65 panic("write of switch_pipe failed, err = %d", -err); 66 66 67 67 reading = 1; 68 - if((from->exit_state == EXIT_ZOMBIE) || 69 - (from->exit_state == EXIT_DEAD)) 68 + if(from->thread.mode.tt.switch_pipe[0] == -1) 70 69 os_kill_process(os_getpid(), 0); 71 70 72 71 err = os_read_file(from->thread.mode.tt.switch_pipe[0], &c, sizeof(c)); ··· 80 81 * in case it has not already killed itself. 81 82 */ 82 83 prev_sched = current->thread.prev_sched; 83 - if((prev_sched->exit_state == EXIT_ZOMBIE) || 84 - (prev_sched->exit_state == EXIT_DEAD)) 84 + if(prev_sched->thread.mode.tt.switch_pipe[0] == -1) 85 85 os_kill_process(prev_sched->thread.mode.tt.extern_pid, 1); 86 86 87 87 change_sig(SIGVTALRM, vtalrm); ··· 99 101 { 100 102 int pid = task->thread.mode.tt.extern_pid; 101 103 104 + /* 105 + * We first have to kill the other process, before 106 + * closing its switch_pipe. Else it might wake up 107 + * and receive "EOF" before we could kill it. 108 + */ 102 109 if(os_getpid() != pid) 103 110 os_kill_process(pid, 0); 104 - } 105 111 106 - void exit_thread_tt(void) 107 - { 108 - os_close_file(current->thread.mode.tt.switch_pipe[0]); 109 - os_close_file(current->thread.mode.tt.switch_pipe[1]); 112 + os_close_file(task->thread.mode.tt.switch_pipe[0]); 113 + os_close_file(task->thread.mode.tt.switch_pipe[1]); 114 + /* use switch_pipe as flag: thread is released */ 115 + task->thread.mode.tt.switch_pipe[0] = -1; 110 116 } 111 117 112 118 void suspend_new_thread(int fd)