From: Oleg Nesterov <oleg@redhat.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Dave Chinner <david@fromorbit.com>, Dave Jones <davej@redhat.com>,
	Eric Sandeen <sandeen@sandeen.net>,
	Linux Kernel <linux-kernel@vger.kernel.org>,
	xfs@oss.sgi.com
Subject: Re: 3.14-rc2 XFS backtrace because irqs_disabled.
Date: Sat, 15 Feb 2014 16:33:41 +0100
Message-ID: <20140215153341.GA18472@redhat.com>
In-Reply-To: <20140215152251.GY18016@ZenIV.linux.org.uk>

On 02/15, Al Viro wrote:
>
> On Sat, Feb 15, 2014 at 03:27:00PM +0100, Oleg Nesterov wrote:
>
> > 1. info->q can be already freed if SIGQUEUE_PREALLOC.
> >
> > Once get_signal_to_deliver() or any other caller drops ->siglock
> > another thread can do sys_timer_delete()->sigqueue_free().
>
> How the devil would it find the sucker?

It simply frees the SIGQUEUE_PREALLOC sigqueue, k_itimer->sigq.

> It's off the list already.

Exactly, list_empty(q->list) == T. So release_posix_timer()->sigqueue_free()
assumes we can safely free it.

> > 2. We need to move do_schedule_next_timer() from dequeue_signal()
> > here.
> >
> > Otherwise ->q can be reused/overwritten by the next send_sigqueue()
> > right after ->siglock is dropped.
>
> Ditto. We rip them out of queue on collect_signal();

Yes, and dequeue_signal()->do_schedule_next_timer() can trigger another
send_sigqueue() which uses the same SIGQUEUE_PREALLOC sigqueue once we
drop ->siglock.

This is not that bad, but at least ->si_overrun can be overwritten
before __setup_rt_frame()->copy_siginfo_to_user().

Oleg.
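
The two points raised above, as an added example that is not part of the original message or of the kernel source: a single-threaded userspace model of a preallocated queue entry whose pointer is kept after the lock is dropped. All `model_*` names and the values 1 and 7 are constructed, and the snapshot variant is only a contrast inside the model, not the fix discussed in the thread.

```c
/* Userspace model of the race; constructed for illustration, not kernel code. */
#include <stdbool.h>
struct model_sigqueue {
    bool queued;     /* stands in for !list_empty(&q->list) */
    bool freed;      /* flag instead of a real free(), so the model stays defined */
    int si_overrun;  /* payload later copied into the signal frame */
};

/* collect_signal() stand-in: unlink under the lock, return the entry. */
static struct model_sigqueue *model_collect(struct model_sigqueue *q) {
    q->queued = false;
    return q;
}

/* Timer re-arm + send_sigqueue() stand-in: reuses the same preallocated entry. */
static void model_resend(struct model_sigqueue *q, int overrun) {
    if (!q->queued) { q->si_overrun = overrun; q->queued = true; }
}

/* Timer deletion -> sigqueue_free() stand-in: an unqueued entry looks safe to free. */
static void model_timer_delete(struct model_sigqueue *q) {
    if (!q->queued) q->freed = true;
}

/* Point 2: pointer kept across the unlock; returns the overrun delivery would see. */
int overrun_seen_via_pointer(void) {
    struct model_sigqueue q = { true, false, 1 };
    struct model_sigqueue *held = model_collect(&q); /* lock held */
    model_resend(&q, 7);                             /* lock dropped, timer fires */
    return held->si_overrun;
}

/* Point 1: pointer kept across the unlock while another thread deletes the timer. */
bool held_entry_was_freed(void) {
    struct model_sigqueue q = { true, false, 1 };
    struct model_sigqueue *held = model_collect(&q); /* lock held */
    model_timer_delete(&q);                          /* lock dropped */
    return held->freed;
}

/* Contrast: snapshot the payload while the lock is still held. */
int overrun_seen_via_copy(void) {
    struct model_sigqueue q = { true, false, 1 };
    int snapshot = model_collect(&q)->si_overrun;    /* lock held */
    model_resend(&q, 7);                             /* lock dropped, timer fires */
    return snapshot;
}

int main(void) { return !(overrun_seen_via_pointer() == 7 && held_entry_was_freed()); }
```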