Re: [RFC, 2.6.26.2-rc1] posix timers: release_posix_timer: kill thebogus put_task_struct(->it_process)

From: Sven Wegener
Date: Sat Aug 02 2008 - 18:28:59 EST

Next message: Paul Collins: "Re: nfsd, v4: oops in find_acceptable_alias, ppc32 Linux, post-2.6.27-rc1"
Previous message: Brian Beattie: "ioctl's suck?"
In reply to: Arjan van de Ven: "Re: [RFC, 2.6.26.2-rc1] posix timers: release_posix_timer: kill thebogus put_task_struct(->it_process)"
Next in thread: Oleg Nesterov: "Re: [RFC, 2.6.26.2-rc1] posix timers: release_posix_timer: kill the bogus put_task_struct(->it_process)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2 Aug 2008, Oliver Pinter wrote:

> It is an RFC for sending this patch for stable, when this patch needed, then send ACK and CC stable,
> if not then send NAK.

I'd say big NAK. Have you ever looked at the full commit message and patch
at all? It says "release_posix_timer() can't be called with ->it_process
!= NULL.". Point. The rest is the explanation why this can't happen. And
looking at the patch, we see that it just removes code that actually never
gets executed under the mentioned preconditions. It's a pure cleanup patch
and doesn't qualify for -stable. Same goes for the other posix timer patch
you mailed out.

> ---
> From 96347e7759e2e433c427defa0fa1adfc8cce6226 Mon Sep 17 00:00:00 2001
> From: Oleg Nesterov <oleg@xxxxxxxxxx>
> Date: Fri, 25 Jul 2008 01:47:27 -0700
> Subject: [PATCH] posix timers: release_posix_timer: kill the bogus put_task_struct(->it_process);
>
> [ Upstream commit 96347e7759e2e433c427defa0fa1adfc8cce6226 ]
>
> release_posix_timer() can't be called with ->it_process != NULL. Once
> sys_timer_create() sets ->it_process it must not call
> release_posix_timer(), otherwise we can race with another thread doing
> sys_timer_delete(), this timer is visible to idr_find() and unlocked.
>
> The same is true for two other callers (actually, for any possible
> caller), sys_timer_delete() and itimer_delete(). They must clear
> ->it_process before unlock_timer() + release_posix_timer().
>
> Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
> Acked-by: Roland McGrath <roland@xxxxxxxxxx>
> Cc: john stultz <johnstul@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Roland McGrath <roland@xxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> CC: Oliver Pinter <oliver.pntr@xxxxxxxxx>
>
> diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
> index 17f5326..9a21681 100644
> --- a/kernel/posix-timers.c
> +++ b/kernel/posix-timers.c
> @@ -449,9 +449,6 @@ static void release_posix_timer(struct k_itimer *tmr, int it_id_set)
> spin_unlock_irqrestore(&idr_lock, flags);
> }
> sigqueue_free(tmr->sigq);
> - if (unlikely(tmr->it_process) &&
> - tmr->it_sigev_notify == (SIGEV_SIGNAL|SIGEV_THREAD_ID))
> - put_task_struct(tmr->it_process);
> kmem_cache_free(posix_timers_cache, tmr);
> }
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Collins: "Re: nfsd, v4: oops in find_acceptable_alias, ppc32 Linux, post-2.6.27-rc1"
Previous message: Brian Beattie: "ioctl's suck?"
In reply to: Arjan van de Ven: "Re: [RFC, 2.6.26.2-rc1] posix timers: release_posix_timer: kill thebogus put_task_struct(->it_process)"
Next in thread: Oleg Nesterov: "Re: [RFC, 2.6.26.2-rc1] posix timers: release_posix_timer: kill the bogus put_task_struct(->it_process)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]