Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
posix-timers: fix posix_timer_event() vs dequeue_signal() race
posix-timers: do_schedule_next_timer: fix the setting of ->si_overrun

+15 -5
+14 -5
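--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -289,21 +289,29 @@
 else
 schedule_next_timer(timr);
 
-info->si_overrun = timr->it_overrun_last;
+info->si_overrun += timr->it_overrun_last;
 }
 
 if (timr)
 unlock_timer(timr, flags);
 }
 
-int posix_timer_event(struct k_itimer *timr,int si_private)
+int posix_timer_event(struct k_itimer *timr, int si_private)
 {
-memset(&timr->sigq->info, 0, sizeof(siginfo_t));
+/*
+ * FIXME: if ->sigq is queued we can race with
+ * dequeue_signal()->do_schedule_next_timer().
+ *
+ * If dequeue_signal() sees the "right" value of
+ * si_sys_private it calls do_schedule_next_timer().
+ * We re-queue ->sigq and drop ->it_lock().
+ * do_schedule_next_timer() locks the timer
+ * and re-schedules it while ->sigq is pending.
+ * Not really bad, but not that we want.
+ */
 timr->sigq->info.si_sys_private = si_private;
-/* Send signal to the process that owns this timer.*/
 
 timr->sigq->info.si_signo = timr->it_sigev_signo;
-timr->sigq->info.si_errno = 0;
 timr->sigq->info.si_code = SI_TIMER;
 timr->sigq->info.si_tid = timr->it_id;
 timr->sigq->info.si_value = timr->it_sigev_value;
@@ -443,6 +435,7 @@
 kmem_cache_free(posix_timers_cache, tmr);
 tmr = NULL;
 }
+memset(&tmr->sigq->info, 0, sizeof(siginfo_t));
 return tmr;
 }
 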
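Review bot: The memset added at new line 438 in the second hunk runs after the branch that frees tmr and sets `tmr = NULL;`, so when that branch is taken the new line dereferences `tmr->sigq` through a NULL pointer in kernel context, turning an allocation failure into an oops instead of a NULL return to the caller. The failure branch should leave the function before the memset: replace `tmr = NULL;` with `return NULL;` (or move the memset into the success path). The condition of that branch is not visible, and both enclosing functions — the one containing the first hunk and the allocator containing the second — start outside the hunks, so this reading rests on the `tmr = NULL;` immediately preceding the `}`. The `+=` at new line 292 also now depends on the `q->info.si_overrun = 0;` added in kernel/signal.c; a comment such as `/* si_overrun is zeroed in kernel/signal.c when ->sigq is first queued; accumulate on top of it */` on that line would record the cross-file dependency.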
+1
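--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1304,6 +1304,7 @@
 q->info.si_overrun++;
 goto out;
 }
+q->info.si_overrun = 0;
 
 signalfd_notify(t, sig);
 pending = group ? &t->signal->shared_pending : &t->pending;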
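Review bot: The reset `q->info.si_overrun = 0;` at new line 1307 is one half of an invariant whose other half lives in kernel/posix-timers.c, where the dequeue path now does `info->si_overrun += timr->it_overrun_last;`, and nothing at this site says so. A comment above the line, e.g. `/* Fresh queueing starts the overrun count at zero; posix-timers accumulates into it on dequeue. */`, would keep a later cleanup from dropping the reset and letting a reused sigqueue carry a stale count into the `+=`. The enclosing function starts and ends outside the hunk.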