Re: Race condition in time/alarmtimer.c

All of lore.kernel.org
 help / color / mirror / Atom feed

From: John Stultz <john.stultz@linaro.org>
To: Marcus Gelderie <redmnic@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Race condition in time/alarmtimer.c
Date: Mon, 22 Jul 2013 12:04:43 -0700	[thread overview]
Message-ID: <51ED824B.10102@linaro.org> (raw)
In-Reply-To: <20130629134715.GB19380@cantor.Speedport_W_503V_Typ_C>

On 06/29/2013 06:47 AM, Marcus Gelderie wrote:
> On Mo, Jun 24, 2013 at 09:12:03PM +0200, Marcus Gelderie wrote:
>> Hi,
>>
>> there seems to be a race condition in kernel/time/alarmtimer.c
>>
>> More specifically, the following function (line numbers correspond to actual file):
>>
>> 584 static int alarmtimer_do_nsleep(struct alarm *alarm, ktime_t absexp)
>> 585 {
>> 586         alarm->data = (void *)current;
>> 587         do {
>> 588                 set_current_state(TASK_INTERRUPTIBLE);
>> 589                 alarm_start(alarm, absexp);
>> 590                 if (likely(alarm->data))
>> 591                         schedule();
>> 592
>> 593                 alarm_cancel(alarm);
>> 594         } while (alarm->data && !signal_pending(current));
>> 595
>> 596         __set_current_state(TASK_RUNNING);
>> 597
>> 598         return (alarm->data == NULL);
>> 599 }
>>
>> has a race: If the task is preempted after set_current_state(TASK_INTERRUPTIBLE)
>> but before the alarm is started in the next line, the task never wakes up.
>>
>> Swapping both lines is not an option either, because then the alarm might trigger before
>> the thread sets itself to TASK_INTERRUPTIBLE, thereby loosing the wakeup.
>>
>> A spinlock would disable preemption and protect alarm->data against the race from another CPU.
>> We could wrap lines 588 and 589 with a spin lock. Then the wakeup code would also aquire the
>> lock, of course. The lock could be attached to struct alarm.
>>
>> An alternative would be a waitqueue, of course.
>>
>> If folks agree with me, I will provide a patch.

So does this race also affect the hrtimer do_nanosleep?

thanks
-john

     prev parent reply	other threads:[~2013-07-22 19:04 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-06-24 19:12 Race condition in time/alarmtimer.c Marcus Gelderie
2013-06-29 13:47 ` Marcus Gelderie
2013-07-22 19:04   ` John Stultz [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=51ED824B.10102@linaro.org \
    --to=john.stultz@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=redmnic@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.