[PATCH 4/7] [hrtimers] Fix posix-timer requeue race

From: Steven [email protected] <[email protected]>
Date: 1137711149 +0100

CPU0 expires a posix-timer and runs the callback function.
The signal is queued.
After releasing the posix-timer lock and before returning to
hrtimer_run_queue CPU0 gets interrupted.
CPU1 delivers the queued signal and rearms the timer.
CPU0 comes back to hrtimer_run_queue and sets the timer state to expired.
The next modification of the timer can result in an oops, because the state
information is wrong.

Keep track of state = RUNNING and check if the state has been in the return
path of hrtimer_run_queue. In case the state has been changed, ignore a
restart request and do not touch the state variable.

Signed-off-by: Steven Rostedt <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>

---

 include/linux/hrtimer.h |    1 +
 kernel/hrtimer.c        |    5 +++++
 2 files changed, 6 insertions(+), 0 deletions(-)

7a42511f275d3c895be54f4e578921fc35e25dd2
diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h
index 089bfb1..c657f3d 100644
--- a/include/linux/hrtimer.h
+++ b/include/linux/hrtimer.h
@@ -40,6 +40,7 @@ enum hrtimer_restart {
 enum hrtimer_state {
 	HRTIMER_INACTIVE,	/* Timer is inactive */
 	HRTIMER_EXPIRED,		/* Timer is expired */
+	HRTIMER_RUNNING,		/* Timer is running the callback function */
 	HRTIMER_PENDING,		/* Timer is pending */
 };
 
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index f1c4155..f580dd9 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -550,6 +550,7 @@ static inline void run_hrtimer_queue(str
 		fn = timer->function;
 		data = timer->data;
 		set_curr_timer(base, timer);
+		timer->state = HRTIMER_RUNNING;
 		__remove_hrtimer(timer, base);
 		spin_unlock_irq(&base->lock);
 
@@ -565,6 +566,10 @@ static inline void run_hrtimer_queue(str
 
 		spin_lock_irq(&base->lock);
 
+		/* Another CPU has added back the timer */
+		if (timer->state != HRTIMER_RUNNING)
+			continue;
+
 		if (restart == HRTIMER_RESTART)
 			enqueue_hrtimer(timer, base);
 		else
-- 
1.0.8

--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH 4/7] [hrtimers] Fix posix-timer requeue race
    • From: Roman Zippel <[email protected]>

• References:
  • [PATCH 0/7] hrtimers updates
    • From: Thomas Gleixner <[email protected]>

• Prev by Date: [PATCH 7/7] [hrtimers] Set correct initial expiry time for relative SIGEV_NONE timers
• Next by Date: Re: SMP trouble
• Previous by thread: Re: [PATCH 7/7] [hrtimers] Set correct initial expiry time for relative SIGEV_NONE timers
• Next by thread: Re: [PATCH 4/7] [hrtimers] Fix posix-timer requeue race
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]