Re: Race condition in 2.4 tasklet handling (cli() broken?)

[TeJun Huh]

 Oops, Sorry.  Only bh handling is relevant.  Softirq and tasklet are
not of concern to cli().

On Sat, Aug 23, 2003 at 01:09:31PM +0900, TeJun Huh wrote:
>  Additional suspicious things.
> 
> 1. tasklet_kill() has similar race condition.  mb() required before
> tasklet_unlock_wait().

Corrected 2.

 global_bh_lock test inside wait_on_irq() suggests that cli() tries to
block not only interrupt handling but also bh handlings of all cpus;
however, current implementation does not guarantee that.

 Because global_bh_lock is acquired in bh_action() <call trace:
handle_IRQ_event()->do_softirq()->tasklet_action()->bh_action()> after
decrementing local_irq_count(), other cpus may happily begin bh
handling while a cpu is still inside cli() - sti() critical section.

 If bh hanlding is not guaranteed to be blocked during cli() - sti()
critical section, global_bh_lock test inside wait_on_irq() is
redundant and if it should be guaranteed, current implmentation seems
broken.

-- 
tejun
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/