    [PATCH] check_process_timers: fix possible lockup · 8f17fc20
    Oleg Nesterov authored
    If the local timer interrupt happens just after do_exit() sets PF_EXITING
    (and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call
    check_process_timers() with tasklist_lock + ->siglock held and
    
    	check_process_timers:
    
    		t = tsk;
    		do {
    			....
    
    			do {
    				t = next_thread(t);
    			} while (unlikely(t->flags & PF_EXITING));
    		} while (t != tsk);
    
    the outer loop will never stop.
    
    Actually, the window is bigger.  Another process can attach the timer
    after ->it_xxx_expires was cleared (see the next commit) and the 'if
    (PF_EXITING)' check in arm_timer() is racy (see the one after that).
    Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
posix-cpu-timers.c 41.1 KB
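As an added user-space model, not code from this commit or from the kernel: the thread walk quoted in the commit message, given a step budget so the spin becomes observable, beside a guard that refuses the walk when the calling thread itself is PF_EXITING. The guard is an assumption chosen here for illustration, not a claim about what the commit's diff does; `struct thread`, `next_thread()`, `walk_threads()`, `walk_threads_guarded()` and `make_group()` are names constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#define PF_EXITING 0x4  /* stand-in for the kernel's task flag */
struct thread { unsigned int flags; struct thread *next; };  /* circular list */
static struct thread *next_thread(struct thread *t) { return t->next; }

/* Model of the quoted loop: count of non-exiting threads visited, or -1 once
 * the walk exceeds max_steps (the real loop has no budget: that is the lockup). */
static int walk_threads(struct thread *tsk, int max_steps)
{
	struct thread *t = tsk;
	int visited = 0, steps = 0;
	do {
		visited++;  /* the "...." in the commit: per-thread accounting */
		do {
			if (++steps > max_steps)
				return -1;
			t = next_thread(t);
		} while (t->flags & PF_EXITING);
	} while (t != tsk);
	return visited;
}

/* Guard assumed here for illustration (not a claim about the commit's diff):
 * if tsk itself is exiting, the inner loop can never bring t back to tsk. */
static int walk_threads_guarded(struct thread *tsk, int max_steps)
{
	if (tsk->flags & PF_EXITING)
		return 0;
	return walk_threads(tsk, max_steps);
}

/* Build a circular group of n threads with the given flags; caller frees. */
static struct thread *make_group(const unsigned int *flags, int n)
{
	struct thread *th = calloc(n, sizeof *th);
	for (int i = 0; i < n; i++) {
		th[i].flags = flags[i];
		th[i].next = &th[(i + 1) % n];
	}
	return th;
}

int main(void)
{
	unsigned int flags[] = { PF_EXITING, 0, 0 };  /* constructed: tsk is exiting */
	struct thread *g = make_group(flags, 3);
	printf("unguarded: %d, guarded: %d\n", walk_threads(g, 100), walk_threads_guarded(g, 100));
	free(g);
	return 0;
}
```

With the leader marked PF_EXITING the unguarded walk exhausts its budget (-1) because `t` can never equal `tsk` again, while the guarded variant returns 0 without entering the loop.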