linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Thomas Gleixner <tglx@linutronix.de>
To: Linus Torvalds <torvalds@osdl.org>
Cc: LKML <linux-kernel@vger.kernel.org>, Ingo Molnar <mingo@elte.hu>,
	George Anzinger <george@wildturkeyranch.net>,
	Steven Rostedt <rostedt@goodmis.org>,
	Andrew Morton <akpm@osdl.org>
Subject: [PATCH 4/7] [hrtimers] Fix posix-timer requeue race
Date: Fri, 20 Jan 2006 02:55:49 -0000	[thread overview]
Message-ID: <20060120021342.813743000@tglx.tec.linutronix.de> (raw)
In-Reply-To: 20060120021336.134802000@tglx.tec.linutronix.de

[-- Attachment #1: 0004-hrtimers-Fix-posix-timer-requeue-race.txt --]
[-- Type: text/plain, Size: 2051 bytes --]


From: Steven Rostedtrostedt@goodmis.org <rostedt@goodmis.org>
Date: 1137711149 +0100

CPU0 expires a posix-timer and runs the callback function.
The signal is queued.
After releasing the posix-timer lock and before returning to
hrtimer_run_queue CPU0 gets interrupted.
CPU1 delivers the queued signal and rearms the timer.
CPU0 comes back to hrtimer_run_queue and sets the timer state to expired.
The next modification of the timer can result in an oops, because the state
information is wrong.

Keep track of state = RUNNING and check if the state has been in the return
path of hrtimer_run_queue. In case the state has been changed, ignore a
restart request and do not touch the state variable.

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

---

 include/linux/hrtimer.h |    1 +
 kernel/hrtimer.c        |    5 +++++
 2 files changed, 6 insertions(+), 0 deletions(-)

7a42511f275d3c895be54f4e578921fc35e25dd2
diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h
index 089bfb1..c657f3d 100644
--- a/include/linux/hrtimer.h
+++ b/include/linux/hrtimer.h
@@ -40,6 +40,7 @@ enum hrtimer_restart {
 enum hrtimer_state {
 	HRTIMER_INACTIVE,	/* Timer is inactive */
 	HRTIMER_EXPIRED,		/* Timer is expired */
+	HRTIMER_RUNNING,		/* Timer is running the callback function */
 	HRTIMER_PENDING,		/* Timer is pending */
 };
 
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index f1c4155..f580dd9 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -550,6 +550,7 @@ static inline void run_hrtimer_queue(str
 		fn = timer->function;
 		data = timer->data;
 		set_curr_timer(base, timer);
+		timer->state = HRTIMER_RUNNING;
 		__remove_hrtimer(timer, base);
 		spin_unlock_irq(&base->lock);
 
@@ -565,6 +566,10 @@ static inline void run_hrtimer_queue(str
 
 		spin_lock_irq(&base->lock);
 
+		/* Another CPU has added back the timer */
+		if (timer->state != HRTIMER_RUNNING)
+			continue;
+
 		if (restart == HRTIMER_RESTART)
 			enqueue_hrtimer(timer, base);
 		else
-- 
1.0.8

--


  parent reply	other threads:[~2006-01-20  2:56 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-01-20  2:55 [PATCH 0/7] hrtimers updates Thomas Gleixner
2006-01-20  2:55 ` [PATCH 1/7] [hrtimers] Fixup itimer conversion Thomas Gleixner
2006-01-20  2:55 ` [PATCH 2/7] [hrtimers] Fix possible use of NULL pointer in posix-timers Thomas Gleixner
2006-01-20  2:55 ` [PATCH 3/7] [hrtimers] Fix oldvalue return in setitimer Thomas Gleixner
2006-01-24 21:56   ` Orion Poplawski
2006-01-25  6:56     ` Thomas Gleixner
2006-01-20  2:55 ` Thomas Gleixner [this message]
2006-01-20 11:36   ` [PATCH 4/7] [hrtimers] Fix posix-timer requeue race Roman Zippel
2006-01-20  2:55 ` [PATCH 5/7] [hrtimers] Cleanups and simplifications Thomas Gleixner
2006-01-20  2:55 ` [PATCH 6/7] [hrtimers] Add back lost credit lines Thomas Gleixner
2006-01-20  2:55 ` [PATCH 7/7] [hrtimers] Set correct initial expiry time for relative SIGEV_NONE timers Thomas Gleixner
2006-01-20  5:11   ` Andrew Morton
2006-01-20  9:49     ` Thomas Gleixner
2006-01-20 16:33   ` George Anzinger
2006-01-20 16:58     ` Thomas Gleixner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060120021342.813743000@tglx.tec.linutronix.de \
    --to=tglx@linutronix.de \
    --cc=akpm@osdl.org \
    --cc=george@wildturkeyranch.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=rostedt@goodmis.org \
    --cc=torvalds@osdl.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).