Fix run_posix_cpu_timers()/do_exit() race condition
CPU0:
do_exit()
tsk->flags |= PF_EXITING;
/* Make sure we don't try to process any timer firings
* while we are already exiting.
*/
tsk->it_virt_expires = cputime_zero;
tsk->it_prof_expires = cputime_zero;
tsk->it_sched_expires = 0;
<window>
exit_notify()
tsk->exit_state = xxx;
CPU1 (executes this code in the <window>):
setitimer()
process_timer_rebalance()
tsk->it_prof_expires=xxx;
This triggers the BUG_ON(tsk->exit_state) in run_posix_cpu_timers().
Signed-off-by: Arun Sharma <[email protected]>
--- linux-2.6.12/kernel/posix-cpu-timers.c- 2005-09-22 04:10:16.000000000 -0700
+++ linux-2.6.12/kernel/posix-cpu-timers.c 2005-09-22 04:10:18.000000000 -0700
@@ -500,7 +500,7 @@
left = cputime_div(cputime_sub(expires.cpu, val.cpu),
nthreads);
do {
- if (!unlikely(t->exit_state)) {
+ if (!unlikely(t->flags & PF_EXITING)) {
ticks = cputime_add(prof_ticks(t), left);
if (cputime_eq(t->it_prof_expires,
cputime_zero) ||
@@ -515,7 +515,7 @@
left = cputime_div(cputime_sub(expires.cpu, val.cpu),
nthreads);
do {
- if (!unlikely(t->exit_state)) {
+ if (!unlikely(t->flags & PF_EXITING)) {
ticks = cputime_add(virt_ticks(t), left);
if (cputime_eq(t->it_virt_expires,
cputime_zero) ||
@@ -530,7 +530,7 @@
nsleft = expires.sched - val.sched;
do_div(nsleft, nthreads);
do {
- if (!unlikely(t->exit_state)) {
+ if (!unlikely(t->flags & PF_EXITING)) {
ns = t->sched_time + nsleft;
if (t->it_sched_expires == 0 ||
t->it_sched_expires > ns) {
On Fri, Sep 23, 2005 at 03:54:44PM -0700, Arun Sharma wrote:
> - if (!unlikely(t->exit_state)) {
> + if (!unlikely(t->flags & PF_EXITING)) {
I just had this problem happen again, after the patch. It looks like we
need to cover other unguarded assignments to tsk->it_prof_expires,
which could possibly race with do_exit().
Or just check for PF_EXITING in run_posix_cpu_timers() and return.
-Arun
On Fri, Sep 23, 2005 at 05:11:14PM -0700, Arun Sharma wrote:
> On Fri, Sep 23, 2005 at 03:54:44PM -0700, Arun Sharma wrote:
> > - if (!unlikely(t->exit_state)) {
> > + if (!unlikely(t->flags & PF_EXITING)) {
>
> I just had this problem happen again, after the patch. It looks like we
> need to cover other unguarded assignments to tsk->it_prof_expires,
> which could possibly race with do_exit().
False alarm, sorry. The kernel turned out be unpatched. I haven't seen
the BUG() since then.
-Arun