]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
add another patch to 2.6.16 queue
authorGreg Kroah-Hartman <gregkh@suse.de>
Mon, 19 Jun 2006 20:24:55 +0000 (13:24 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 19 Jun 2006 20:24:55 +0000 (13:24 -0700)
queue-2.6.16/check_process_timers-fix-possible-lockup.patch [new file with mode: 0644]
queue-2.6.16/series

diff --git a/queue-2.6.16/check_process_timers-fix-possible-lockup.patch b/queue-2.6.16/check_process_timers-fix-possible-lockup.patch
new file mode 100644 (file)
index 0000000..1b181c4
--- /dev/null
@@ -0,0 +1,58 @@
+From 8f17fc20bfb75bcec4cfeda789738979c8338fdc Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg@tv-sign.ru>
+Date: Thu, 15 Jun 2006 20:11:15 +0400
+Subject: check_process_timers: fix possible lockup
+
+If the local timer interrupt happens just after do_exit() sets PF_EXITING
+(and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call
+check_process_timers() with tasklist_lock + ->siglock held and
+
+       check_process_timers:
+
+               t = tsk;
+               do {
+                       ....
+
+                       do {
+                               t = next_thread(t);
+                       } while (unlikely(t->flags & PF_EXITING));
+               } while (t != tsk);
+
+the outer loop will never stop.
+
+Actually, the window is bigger.  Another process can attach the timer
+after ->it_xxx_expires was cleared (see the next commit) and the 'if
+(PF_EXITING)' check in arm_timer() is racy (see the one after that).
+
+Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ kernel/posix-cpu-timers.c |    9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- linux-2.6.16.20.orig/kernel/posix-cpu-timers.c
++++ linux-2.6.16.20/kernel/posix-cpu-timers.c
+@@ -1173,6 +1173,9 @@ static void check_process_timers(struct 
+               }
+               t = tsk;
+               do {
++                      if (unlikely(t->flags & PF_EXITING))
++                              continue;
++
+                       ticks = cputime_add(cputime_add(t->utime, t->stime),
+                                           prof_left);
+                       if (!cputime_eq(prof_expires, cputime_zero) &&
+@@ -1193,11 +1196,7 @@ static void check_process_timers(struct 
+                                             t->it_sched_expires > sched)) {
+                               t->it_sched_expires = sched;
+                       }
+-
+-                      do {
+-                              t = next_thread(t);
+-                      } while (unlikely(t->flags & PF_EXITING));
+-              } while (t != tsk);
++              } while ((t = next_thread(t)) != tsk);
+       }
+ }
index e0b81a963bdf5f293827012c59c94f00110d5c6b..affee0a93a74056ce29ebf7c53a94800d2dc9e05 100644 (file)
@@ -10,3 +10,4 @@ jfs-fix-multiple-errors-in-metapage_releasepage.patch
 scsi_lib.c-properly-count-the-number-of-pages-in-scsi_req_map_sg.patch
 i2o-bugfixes-to-get-i2o-working-again.patch
 powernow-k8-crash-workaround.patch
+check_process_timers-fix-possible-lockup.patch