[PATCH] Race condition in del_timer_sync (2.5)

From: Tejun Huh
Date: Mon Sep 01 2003 - 21:57:46 EST

Next message: Andrew Morton: "Re: IOMEGA ZIP 100 ATAPI problems with 2.6"
Previous message: Panagiotis Papadakos: "Re: IOMEGA ZIP 100 ATAPI problems with 2.6"
Next in thread: Ingo Molnar: "Re: [PATCH] Race condition in del_timer_sync (2.5)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

This patch fixes a race between del_timer_sync and recursive timers.
Current implementation allows the value of timer->base that is used
for timer_pending test to be fetched before finishing running_timer
test, so it's possible for a recursive time to be pending after
del_timer_sync. Adding smp_rmb before timer_pending removes the race.

The patch is against the latest 2.5 bk tree. Please point out if I
got something wrong. TIA.

--
tejun

diff -Nru a/kernel/timer.c b/kernel/timer.c
--- a/kernel/timer.c Tue Sep 2 11:56:58 2003
+++ b/kernel/timer.c Tue Sep 2 11:56:58 2003
@@ -338,6 +338,7 @@
break;
}
}
+ smp_rmb();
if (timer_pending(timer))
goto del_again;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: IOMEGA ZIP 100 ATAPI problems with 2.6"
Previous message: Panagiotis Papadakos: "Re: IOMEGA ZIP 100 ATAPI problems with 2.6"
Next in thread: Ingo Molnar: "Re: [PATCH] Race condition in del_timer_sync (2.5)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]