[PATCH] check_process_timers: fix possible lockup

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If the local timer interrupt happens just after do_exit() sets PF_EXITING
(and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call
check_process_timers() with tasklist_lock + ->siglock held and

check_process_timers:

t = tsk;
do {
....

do {
t = next_thread(t);
} while (unlikely(t->flags & PF_EXITING));
} while (t != tsk);

the outer loop will never stop.

Actually, the window is bigger. Another process can attach the timer
after ->it_xxx_expires was cleared (see the next commit) and the 'if
(PF_EXITING)' check in arm_timer() is racy (see the one after that).

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by

Oleg Nesterov and committed by

Linus Torvalds 20 years ago 8f17fc20 88d11360

+4 -5

1 changed file

expand all

kernel

posix-cpu-timers.c

+4 -5

kernel/posix-cpu-timers.c

··· 1173 1173 } 1174 1174 t = tsk; 1175 1175 do { 1176 + if (unlikely(t->flags & PF_EXITING)) 1177 + continue; 1178 + 1176 1179 ticks = cputime_add(cputime_add(t->utime, t->stime), 1177 1180 prof_left); 1178 1181 if (!cputime_eq(prof_expires, cputime_zero) && ··· 1196 1193 t->it_sched_expires > sched)) { 1197 1194 t->it_sched_expires = sched; 1198 1195 } 1199 - 1200 - do { 1201 - t = next_thread(t); 1202 - } while (unlikely(t->flags & PF_EXITING)); 1203 - } while (t != tsk); 1196 + } while ((t = next_thread(t)) != tsk); 1204 1197 } 1205 1198 } 1206 1199

Configure Feed

Configure Feed