[patch 6/10] s390: pfault interrupt race.

[patch 6/10] s390: pfault interrupt race.

From: Martin Schwidefsky <[email protected]>

There is a race in pfault_interrupt. That function gets called two times
for each pfault notification. Once with a subcode of 0 to indicate that
a real page is not available and once with a subcode of 0x80 to indicate
that the page is present again. Since the two external interrupts can be
delivered on two different cpus the order in which the two calls are made
is unpredictable. It is possible that the subcode 0x80 interrupt is
completed before the subcode 0x00 interrupt has done the wake_up() call.
To avoid calling wake_up() on an already removed task structure proper
task structure reference counting is needed. Increase the reference
counter in the subcode 0x00 interrupt before setting pfault_wait to zero
and return the reference after the wake_up call.

Signed-off-by: Martin Schwidefsky <[email protected]>

diffstat:
 arch/s390/mm/fault.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletion(-)

diff -urpN linux-2.6/arch/s390/mm/fault.c linux-2.6-patched/arch/s390/mm/fault.c
--- linux-2.6/arch/s390/mm/fault.c	2005-08-29 01:41:01.000000000 +0200
+++ linux-2.6-patched/arch/s390/mm/fault.c	2005-08-29 19:18:09.000000000 +0200
@@ -563,12 +563,14 @@ pfault_interrupt(struct pt_regs *regs, _
 			 * interrupt. pfault_wait is valid. Set pfault_wait
 			 * back to zero and wake up the process. This can
 			 * safely be done because the task is still sleeping
-			 * and can't procude new pfaults. */
+			 * and can't produce new pfaults. */
 			tsk->thread.pfault_wait = 0;
 			wake_up_process(tsk);
+			put_task_struct(tsk);
 		}
 	} else {
 		/* signal bit not set -> a real page is missing. */
+		get_task_struct(tsk);
 		set_task_state(tsk, TASK_UNINTERRUPTIBLE);
 		if (xchg(&tsk->thread.pfault_wait, 1) != 0) {
 			/* Completion interrupt was faster than the initial
@@ -578,6 +580,7 @@ pfault_interrupt(struct pt_regs *regs, _
 			 * mode and can't produce new pfaults. */
 			tsk->thread.pfault_wait = 0;
 			set_task_state(tsk, TASK_RUNNING);
+			put_task_struct(tsk);
 		} else
 			set_tsk_need_resched(tsk);
 	}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: 2.6.13 new option timer frequency
• Next by Date: [patch 9/10] s390: spinlock corner case.
• Previous by thread: 2.6.13 new option timer frequency
• Next by thread: [patch 9/10] s390: spinlock corner case.
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]