From: Greg Kroah-Hartman Date: Mon, 19 Jun 2006 20:24:55 +0000 (-0700) Subject: add another patch to 2.6.16 queue X-Git-Tag: v2.6.16.21~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d61e57ab6cb103c36927e409e284f85181a5ce2;p=thirdparty%2Fkernel%2Fstable-queue.git add another patch to 2.6.16 queue --- diff --git a/queue-2.6.16/check_process_timers-fix-possible-lockup.patch b/queue-2.6.16/check_process_timers-fix-possible-lockup.patch new file mode 100644 index 00000000000..1b181c4a84c --- /dev/null +++ b/queue-2.6.16/check_process_timers-fix-possible-lockup.patch @@ -0,0 +1,58 @@ +From 8f17fc20bfb75bcec4cfeda789738979c8338fdc Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Thu, 15 Jun 2006 20:11:15 +0400 +Subject: check_process_timers: fix possible lockup + +If the local timer interrupt happens just after do_exit() sets PF_EXITING +(and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call +check_process_timers() with tasklist_lock + ->siglock held and + + check_process_timers: + + t = tsk; + do { + .... + + do { + t = next_thread(t); + } while (unlikely(t->flags & PF_EXITING)); + } while (t != tsk); + +the outer loop will never stop. + +Actually, the window is bigger. Another process can attach the timer +after ->it_xxx_expires was cleared (see the next commit) and the 'if +(PF_EXITING)' check in arm_timer() is racy (see the one after that). + +Signed-off-by: Oleg Nesterov +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + kernel/posix-cpu-timers.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +--- linux-2.6.16.20.orig/kernel/posix-cpu-timers.c ++++ linux-2.6.16.20/kernel/posix-cpu-timers.c +@@ -1173,6 +1173,9 @@ static void check_process_timers(struct + } + t = tsk; + do { ++ if (unlikely(t->flags & PF_EXITING)) ++ continue; ++ + ticks = cputime_add(cputime_add(t->utime, t->stime), + prof_left); + if (!cputime_eq(prof_expires, cputime_zero) && +@@ -1193,11 +1196,7 @@ static void check_process_timers(struct + t->it_sched_expires > sched)) { + t->it_sched_expires = sched; + } +- +- do { +- t = next_thread(t); +- } while (unlikely(t->flags & PF_EXITING)); +- } while (t != tsk); ++ } while ((t = next_thread(t)) != tsk); + } + } + diff --git a/queue-2.6.16/series b/queue-2.6.16/series index e0b81a963bd..affee0a93a7 100644 --- a/queue-2.6.16/series +++ b/queue-2.6.16/series @@ -10,3 +10,4 @@ jfs-fix-multiple-errors-in-metapage_releasepage.patch scsi_lib.c-properly-count-the-number-of-pages-in-scsi_req_map_sg.patch i2o-bugfixes-to-get-i2o-working-again.patch powernow-k8-crash-workaround.patch +check_process_timers-fix-possible-lockup.patch