[PATCH 11/12] UML - Fix process exit race

From: Bodo Stroesser <[email protected]>

tt-mode closes switch_pipes in exit_thread_tt and kills
processes in switch_to_tt, if the exit_state is 
EXIT_DEAD or EXIT_ZOMBIE.
In very rare cases the exiting process can be scheduled out
after having set exit_state and closed switch_pipes (from
release_task it calls proc_pid_flush, which might sleep).
If this process is to be restarted, UML failes in
switch_to_tt with:
   write of switch_pipe failed, err = 9
We fix this by closing switch_pipes not in exit_thread_tt,
but later in release_thread_tt. Additionally, we set
switch_pipe[0] = 0 after closing. switch_to_tt must not
kill "from" process depending on its exit_state, but must
kill it after release_thread was processed only, so it
examines switch_pipe[0] for its decision.

Signed-off-by: Bodo Stroesser <[email protected]>
Signed-off-by: Jeff Dike <[email protected]>

Index: linux-2.6.12-rc3-mm/arch/um/kernel/process_kern.c
===================================================================
--- linux-2.6.12-rc3-mm.orig/arch/um/kernel/process_kern.c	2005-05-06 14:52:11.000000000 -0400
+++ linux-2.6.12-rc3-mm/arch/um/kernel/process_kern.c	2005-05-06 14:53:03.000000000 -0400
@@ -143,7 +143,6 @@
  
 void exit_thread(void)
 {
-	CHOOSE_MODE(exit_thread_tt(), exit_thread_skas());
 	unprotect_stack((unsigned long) current_thread);
 }
  
Index: linux-2.6.12-rc3-mm/arch/um/kernel/skas/include/mode_kern-skas.h
===================================================================
--- linux-2.6.12-rc3-mm.orig/arch/um/kernel/skas/include/mode_kern-skas.h	2005-05-06 14:35:08.000000000 -0400
+++ linux-2.6.12-rc3-mm/arch/um/kernel/skas/include/mode_kern-skas.h	2005-05-06 14:53:03.000000000 -0400
@@ -18,7 +18,6 @@
 			    unsigned long sp, unsigned long stack_top,
 			    struct task_struct *p, struct pt_regs *regs);
 extern void release_thread_skas(struct task_struct *task);
-extern void exit_thread_skas(void);
 extern void initial_thread_cb_skas(void (*proc)(void *), void *arg);
 extern void init_idle_skas(void);
 extern void flush_tlb_kernel_range_skas(unsigned long start,
Index: linux-2.6.12-rc3-mm/arch/um/kernel/skas/process_kern.c
===================================================================
--- linux-2.6.12-rc3-mm.orig/arch/um/kernel/skas/process_kern.c	2005-05-06 14:35:08.000000000 -0400
+++ linux-2.6.12-rc3-mm/arch/um/kernel/skas/process_kern.c	2005-05-06 14:53:03.000000000 -0400
@@ -83,10 +83,6 @@
 {
 }
 
-void exit_thread_skas(void)
-{
-}
-
 void fork_handler(int sig)
 {
         change_sig(SIGUSR1, 1);
Index: linux-2.6.12-rc3-mm/arch/um/kernel/tt/include/mode_kern-tt.h
===================================================================
--- linux-2.6.12-rc3-mm.orig/arch/um/kernel/tt/include/mode_kern-tt.h	2005-05-06 14:35:08.000000000 -0400
+++ linux-2.6.12-rc3-mm/arch/um/kernel/tt/include/mode_kern-tt.h	2005-05-06 14:53:03.000000000 -0400
@@ -19,7 +19,6 @@
 			  unsigned long stack_top, struct task_struct *p,
 			  struct pt_regs *regs);
 extern void release_thread_tt(struct task_struct *task);
-extern void exit_thread_tt(void);
 extern void initial_thread_cb_tt(void (*proc)(void *), void *arg);
 extern void init_idle_tt(void);
 extern void flush_tlb_kernel_range_tt(unsigned long start, unsigned long end);
Index: linux-2.6.12-rc3-mm/arch/um/kernel/tt/process_kern.c
===================================================================
--- linux-2.6.12-rc3-mm.orig/arch/um/kernel/tt/process_kern.c	2005-05-06 14:35:08.000000000 -0400
+++ linux-2.6.12-rc3-mm/arch/um/kernel/tt/process_kern.c	2005-05-06 14:54:39.000000000 -0400
@@ -65,8 +65,7 @@
 		panic("write of switch_pipe failed, err = %d", -err);
 
 	reading = 1;
-	if((from->exit_state == EXIT_ZOMBIE) ||
-	   (from->exit_state == EXIT_DEAD))
+        if(from->thread.mode.tt.switch_pipe[0] == -1)
 		os_kill_process(os_getpid(), 0);
 
 	err = os_read_file(from->thread.mode.tt.switch_pipe[0], &c, sizeof(c));
@@ -81,8 +80,7 @@
 	 * in case it has not already killed itself.
 	 */
 	prev_sched = current->thread.prev_sched;
-	if((prev_sched->exit_state == EXIT_ZOMBIE) ||
-	   (prev_sched->exit_state == EXIT_DEAD))
+        if(prev_sched->thread.mode.tt.switch_pipe[0] == -1)
 		os_kill_process(prev_sched->thread.mode.tt.extern_pid, 1);
 
 	change_sig(SIGVTALRM, vtalrm);
@@ -101,14 +99,18 @@
 {
 	int pid = task->thread.mode.tt.extern_pid;
 
+	/*
+         * We first have to kill the other process, before
+         * closing its switch_pipe. Else it might wake up
+         * and receive "EOF" before we could kill it.
+         */
 	if(os_getpid() != pid)
 		os_kill_process(pid, 0);
-}
 
-void exit_thread_tt(void)
-{
-	os_close_file(current->thread.mode.tt.switch_pipe[0]);
-	os_close_file(current->thread.mode.tt.switch_pipe[1]);
+        os_close_file(task->thread.mode.tt.switch_pipe[0]);
+        os_close_file(task->thread.mode.tt.switch_pipe[1]);
+	/* use switch_pipe as flag: thread is released */
+        task->thread.mode.tt.switch_pipe[0] = -1;
 }
 
 void suspend_new_thread(int fd)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: [PATCH 3/12] UML - command line handling cleanup
• Next by Date: [PATCH 9/12] UML - Use CONFIG variable for address space size
• Previous by thread: [PATCH 3/12] UML - command line handling cleanup
• Next by thread: [PATCH 9/12] UML - Use CONFIG variable for address space size
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]