Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
posix-timers: fix posix_timer_event() vs dequeue_signal() race
posix-timers: do_schedule_next_timer: fix the setting of ->si_overrun

+15 -5
+14 -5
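--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -289,21 +289,29 @@
 else
 schedule_next_timer(timr);
 
-info->si_overrun = timr->it_overrun_last;
+info->si_overrun += timr->it_overrun_last;
 }
 
 if (timr)
 unlock_timer(timr, flags);
 }
 
-int posix_timer_event(struct k_itimer *timr,int si_private)
+int posix_timer_event(struct k_itimer *timr, int si_private)
 {
-memset(&timr->sigq->info, 0, sizeof(siginfo_t));
+/*
+* FIXME: if ->sigq is queued we can race with
+* dequeue_signal()->do_schedule_next_timer().
+*
+* If dequeue_signal() sees the "right" value of
+* si_sys_private it calls do_schedule_next_timer().
+* We re-queue ->sigq and drop ->it_lock().
+* do_schedule_next_timer() locks the timer
+* and re-schedules it while ->sigq is pending.
+* Not really bad, but not that we want.
+*/
 timr->sigq->info.si_sys_private = si_private;
-/* Send signal to the process that owns this timer.*/
 
 timr->sigq->info.si_signo = timr->it_sigev_signo;
-timr->sigq->info.si_errno = 0;
 timr->sigq->info.si_code = SI_TIMER;
 timr->sigq->info.si_tid = timr->it_id;
 timr->sigq->info.si_value = timr->it_sigev_value;
@@ -443,6 +435,7 @@
 kmem_cache_free(posix_timers_cache, tmr);
 tmr = NULL;
 }
+memset(&tmr->sigq->info, 0, sizeof(siginfo_t));
 return tmr;
 }
 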
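Review bot: The `memset(&tmr->sigq->info, 0, sizeof(siginfo_t));` added at new line 438 executes after the failure branch that has just set `tmr = NULL;`, so when `sigqueue_alloc()` fails the function dereferences a NULL `tmr` instead of handing the NULL back to its caller; an allocation failure under memory pressure thus becomes a kernel NULL-pointer dereference rather than a reported error. The failure branch should leave before the zeroing: replacing `tmr = NULL;` with `return NULL;` (keeping `return tmr;` for the success path) is sufficient, and the memset must stay on the success path because the first hunk removed the per-event zeroing from posix_timer_event() and the `+=` in do_schedule_next_timer() now relies on a clean si_overrun starting point. The function whose tail this hunk shows (presumably the timer allocation helper) begins before the hunk, so the surrounding error convention should be confirmed there.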
+1
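--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1304,6 +1304,7 @@
 q->info.si_overrun++;
 goto out;
 }
+q->info.si_overrun = 0;
 
 signalfd_notify(t, sig);
 pending = group ? &t->signal->shared_pending : &t->pending;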
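Review bot: The new `q->info.si_overrun = 0;` at line 1307 carries no comment, and its purpose is only visible together with the `si_overrun++` in the already-queued branch just above it and the `+=` that the sibling kernel/posix-timers.c hunk adds in do_schedule_next_timer(), so a reader of signal.c alone cannot tell why queuing afresh resets the counter. A one-line comment would tie the two sides together, e.g. `/* fresh queue: restart the overrun count; the branch above bumps it while queued, and the timer side adds it_overrun_last later */` — the "later" part refers to the posix-timers.c side of this merge and should be confirmed against that call path, which is not fully in this diff. The enclosing function (presumably send_sigqueue()) starts before the hunk.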