From: Oleg Nesterov <oleg@tv-sign.ru>
To: tglx@linutronix.de, Ingo Molnar <mingo@elte.hu>,
	Roland McGrath <roland@redhat.com>,
	George Anzinger <george@mvista.com>,
	linux-kernel@vger.kernel.org,
	Steven Rostedt <rostedt@goodmis.org>,
	"Paul E. McKenney" <paulmck@us.ibm.com>,
	Andrew Morton <akpm@osdl.org>
Subject: [PATCH] fix exit_itimers() vs posix_timer_event() AB-BA deadlock
Date: Sat, 24 Sep 2005 17:42:19 +0400	[thread overview]
Message-ID: <433557BB.EE6E5FE5@tv-sign.ru> (raw)
In-Reply-To: 430B4C35.AE7CD179@tv-sign.ru

CPU_0                                   CPU_1

release_task:                           posix_timer_fn:
    write_lock(tasklist);                   spin_lock(timer->it_lock);

    exit_timers:                            send_sigqueue:
        spin_lock(timer->it_lock)               read_lock(tasklist);

Actually, it is a bit worse. If posix timer starts between tasklist
locking and del_timer_sync() call this deadlock will happen because
of TIMER_RETRY logic.

With this patch, posix_timer_event() detects the exiting thread group
and aborts the sending of the signal (taking tasklist_lock). To simplify
the code, tasklist locking is moved from send_{,group_}sigqueue to
posix_timer_event().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>

--- 2.6.14-rc2/kernel/posix-timers.c~1_DLOCK	2005-09-17 18:57:30.000000000 +0400
+++ 2.6.14-rc2/kernel/posix-timers.c	2005-09-24 18:03:05.000000000 +0400
@@ -411,6 +411,10 @@ exit:
 
 int posix_timer_event(struct k_itimer *timr,int si_private)
 {
+	struct task_struct *leader, *zombie;
+	int (*send_actor)(int, struct sigqueue *, struct task_struct *);
+	int ret;
+
 	memset(&timr->sigq->info, 0, sizeof(siginfo_t));
 	timr->sigq->info.si_sys_private = si_private;
 	/*
@@ -428,22 +432,40 @@ int posix_timer_event(struct k_itimer *t
 	timr->sigq->info.si_tid = timr->it_id;
 	timr->sigq->info.si_value = timr->it_sigev_value;
 
-	if (timr->it_sigev_notify & SIGEV_THREAD_ID) {
-		struct task_struct *leader;
-		int ret = send_sigqueue(timr->it_sigev_signo, timr->sigq,
-					timr->it_process);
-
-		if (likely(ret >= 0))
-			return ret;
-
-		timr->it_sigev_notify = SIGEV_SIGNAL;
-		leader = timr->it_process->group_leader;
-		put_task_struct(timr->it_process);
-		timr->it_process = leader;
-	}
-
-	return send_group_sigqueue(timr->it_sigev_signo, timr->sigq,
-				   timr->it_process);
+	/*
+	 * We are locking ->it_lock + tasklist_lock backwards
+	 * from release_task()->exit_itimers(), beware deadlock.
+	 */
+	leader = timr->it_process->group_leader;
+	while (unlikely(!read_trylock(&tasklist_lock))) {
+		if (leader->flags & PF_EXITING) {
+			smp_rmb();
+			if (thread_group_empty(leader))
+				return 0;
+		}
+		cpu_relax();
+	}
+
+	zombie = NULL;
+	send_actor = send_group_sigqueue;
+	if (timr->it_sigev_notify & SIGEV_THREAD_ID) {
+		if (unlikely(timr->it_process->flags & PF_EXITING)) {
+			zombie = timr->it_process;
+			timr->it_process = leader;
+			timr->it_sigev_notify = SIGEV_SIGNAL;
+		} else
+			send_actor = send_sigqueue;
+	}
+
+	ret = send_actor(timr->it_sigev_signo, timr->sigq,
+			 timr->it_process);
+
+	read_unlock(&tasklist_lock);
+
+	if (unlikely(zombie != NULL))
+		put_task_struct(zombie);
+
+	return ret;
 }
 EXPORT_SYMBOL_GPL(posix_timer_event);
 
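Review bot: The lockless exit test inside the `read_trylock()` loop is undocumented: `smp_rmb()` sits between the `PF_EXITING` read and `thread_group_empty(leader)` with no comment naming the write-side barrier it pairs with, and that barrier is not visible in this patch. The `return 0` in the same loop drops the timer signal while returning the value a successful queue would, which looks intentional but is not stated. I would add above the loop `/* Group is exiting and release_task() may hold tasklist_lock while waiting for ->it_lock: drop the signal instead of spinning. */` and a one-line pairing comment on the barrier. The loop spins with `->it_lock` held for as long as a writer holds `tasklist_lock`, so this abort condition is the only thing standing between the timer callback and a lockup.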
--- 2.6.14-rc2/kernel/signal.c~1_DLOCK	2005-09-17 18:57:30.000000000 +0400
+++ 2.6.14-rc2/kernel/signal.c	2005-09-24 18:01:11.000000000 +0400
@@ -1367,22 +1367,14 @@ send_sigqueue(int sig, struct sigqueue *
 	int ret = 0;
 
 	BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
-	read_lock(&tasklist_lock);
-
-	if (unlikely(p->flags & PF_EXITING)) {
-		ret = -1;
-		goto out_err;
-	}
-
 	spin_lock_irqsave(&p->sighand->siglock, flags);
 
 	if (unlikely(!list_empty(&q->list))) {
+		BUG_ON(q->info.si_code != SI_TIMER);
 		/*
 		 * If an SI_TIMER entry is already queue just increment
 		 * the overrun count.
 		 */
-		if (q->info.si_code != SI_TIMER)
-			BUG();
 		q->info.si_overrun++;
 		goto out;
 	}
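Review bot: With `read_lock(&tasklist_lock)` and the `PF_EXITING` test removed, `send_sigqueue()` dereferences `p->sighand` relying entirely on its caller, and nothing in the function records that contract. posix_timer_event() in this patch does take the lock and redirects exiting threads to the leader, but any other caller (none is visible here) would reach `spin_lock_irqsave(&p->sighand->siglock, flags)` unprotected, presumably on a task whose sighand may already be gone. A comment above the function such as `/* Caller must hold tasklist_lock for read and must not pass a PF_EXITING task. */` would make this explicit. The locking half applies equally to `send_group_sigqueue()`, whose `read_lock()` is removed in the hunk at -1413. The function starts and ends outside this hunk.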
@@ -1400,9 +1392,6 @@ send_sigqueue(int sig, struct sigqueue *
 
 out:
 	spin_unlock_irqrestore(&p->sighand->siglock, flags);
-out_err:
-	read_unlock(&tasklist_lock);
-
 	return ret;
 }
 
@@ -1413,7 +1402,6 @@ send_group_sigqueue(int sig, struct sigq
 	int ret = 0;
 
 	BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
-	read_lock(&tasklist_lock);
 	spin_lock_irqsave(&p->sighand->siglock, flags);
 	handle_stop_signal(sig, p);
 
@@ -1424,13 +1412,12 @@ send_group_sigqueue(int sig, struct sigq
 	}
 
 	if (unlikely(!list_empty(&q->list))) {
+		BUG_ON(q->info.si_code != SI_TIMER);
 		/*
 		 * If an SI_TIMER entry is already queue just increment
 		 * the overrun count.  Other uses should not try to
 		 * send the signal multiple times.
 		 */
-		if (q->info.si_code != SI_TIMER)
-			BUG();
 		q->info.si_overrun++;
 		goto out;
 	} 
@@ -1447,8 +1434,7 @@ send_group_sigqueue(int sig, struct sigq
 	__group_complete_signal(sig, p);
 out:
 	spin_unlock_irqrestore(&p->sighand->siglock, flags);
-	read_unlock(&tasklist_lock);
-	return(ret);
+	return ret;
 }
 
 /*
