Re: Q: down_killable() is racy? or schedule() is not right?

From: Dmitry Adamushko
Date: Wed Jun 04 2008 - 07:10:06 EST


2008/6/3 Oleg Nesterov <oleg@xxxxxxxxxx>:
> I just noticed we have generic semaphores, a couple of questions.
>
> down():
>
> spin_lock_irqsave(&sem->lock, flags);
> ...
> __down(sem);
>
> Why _irqsave ? we must not do down() with irqs disabled, and of course
> __down() restores/clears irqs unconditionally.
>
>
> Another question,
>
> __down_common(TASK_KILLABLE):
>
> if (state == TASK_KILLABLE && fatal_signal_pending(task))
> goto interrupted;
>
> /* --- WINDOW --- */
>
> __set_task_state(task, TASK_KILLABLE);
> schedule_timeout(timeout);
>
> This looks racy. If SIGKILL comes in the WINDOW above, the event is lost.
> The task will wait for up() or timeout with the fatal signal pending, and
> it is not possible to wake it up via kill() again.
>
> This is easy to fix, but I wonder if we should change schedule() instead.

[ for what it's worth ] I think you are definitely right here.

schedule() would be the right place to fix it, at the very least
because otherwise callers are obliged to always check for
fatal_signal_pending(task) before scheduling with state ==
TASK_KILLABLE, e.g. schedule_timeout_killable().

Not very nice, IMHO.


> int signal_pending_state(struct task_struct *tsk)
> {
> if (!(state & (TASK_INTERRUPTIBLE | TASK_WAKEKILL)))
> return 0;
> if (signal_pending(tsk))
> return 0;

I guess it should be !signal_pending(tsk).


>
> return (state & TASK_INTERRUPTIBLE) ||
> __fatal_signal_pending(tsk);
> }
>
> if (state == TASK_INTERRUPTIBLE && signal_pending(task))
> goto interrupted;
> if (state == TASK_KILLABLE && fatal_signal_pending(task))


>
> Oleg.
>

--
Best regards,
Dmitry Adamushko
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
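The window Oleg describes, replayed as an added user-space C model (this is example code written for this page, not kernel code and not code from either poster). It keeps the kernel's names so the steps can be matched against __down_common(), but everything here is a simplification and an assumption: the state bit values are illustrative, signals are two booleans, wake_up_state() only flips a task back to TASK_RUNNING when its state matches the mask, and schedule() is modelled in two variants, the current one that sleeps unconditionally and one that re-checks signal_pending_state() (with the !signal_pending() correction from the reply) after the caller has already set its state. The race is forced by delivering SIGKILL exactly in the window between the fatal_signal_pending() check and __set_task_state().

```c
#include <stdbool.h>
#include <stdio.h>

/* Task state bits. Values are illustrative, not the kernel's real layout. */
#define TASK_RUNNING          0
#define TASK_INTERRUPTIBLE    1
#define TASK_UNINTERRUPTIBLE  2
#define TASK_WAKEKILL         128
#define TASK_KILLABLE         (TASK_WAKEKILL | TASK_UNINTERRUPTIBLE)

/* Minimal stand-in for task_struct: only what the race needs (assumption). */
struct task {
    long state;
    bool sig_pending;    /* some signal is queued */
    bool fatal_pending;  /* the queued signal is SIGKILL */
};

static bool signal_pending(const struct task *t) { return t->sig_pending; }
static bool __fatal_signal_pending(const struct task *t) { return t->fatal_pending; }
static bool fatal_signal_pending(const struct task *t)
{
    return signal_pending(t) && __fatal_signal_pending(t);
}

/* Oleg's proposed helper, with the inverted test corrected to !signal_pending(). */
static int signal_pending_state(long state, const struct task *t)
{
    if (!(state & (TASK_INTERRUPTIBLE | TASK_WAKEKILL)))
        return 0;
    if (!signal_pending(t))
        return 0;
    return (state & TASK_INTERRUPTIBLE) || __fatal_signal_pending(t);
}

/* wake_up_state(): a wakeup only lands if the sleeper's state matches the mask. */
static void wake_up_state(struct task *t, long mask)
{
    if (t->state & mask)
        t->state = TASK_RUNNING;
}

/* kill(SIGKILL) path: queue the signal, then try to wake a killable sleeper. */
static void send_sigkill(struct task *t)
{
    t->sig_pending = true;
    t->fatal_pending = true;
    wake_up_state(t, TASK_WAKEKILL);
}

/* schedule(): returns true if the task stays runnable, false if it would block.
 * With fixed == true it re-checks signals after the caller set its state,
 * which is the change Oleg asks about. */
static bool schedule(struct task *t, bool fixed)
{
    if (fixed && signal_pending_state(t->state, t)) {
        t->state = TASK_RUNNING;
        return true;
    }
    return t->state == TASK_RUNNING;
}

/* Replay __down_common(TASK_KILLABLE) with SIGKILL arriving in the window.
 * Returns true if the task ends up asleep with SIGKILL pending (lost wakeup). */
static bool down_killable_race(bool fixed_schedule)
{
    struct task t = { .state = TASK_RUNNING };
    long state = TASK_KILLABLE;

    if (state == TASK_KILLABLE && fatal_signal_pending(&t))
        return false;               /* goto interrupted: nothing queued yet */

    /* --- WINDOW --- : the killer runs here and finds state == TASK_RUNNING */
    send_sigkill(&t);               /* wake_up_state() does nothing */

    t.state = state;                /* __set_task_state(task, TASK_KILLABLE) */
    (void)schedule(&t, fixed_schedule);

    return t.state != TASK_RUNNING && fatal_signal_pending(&t);
}

/* Helper for checking signal_pending_state() on its own. */
static int pending_for(long state, bool any_signal, bool fatal)
{
    struct task t = { .state = state, .sig_pending = any_signal, .fatal_pending = fatal };
    return signal_pending_state(state, &t);
}

int main(void)
{
    printf("current schedule(): wakeup lost = %d\n", down_killable_race(false));
    printf("schedule() re-checking signals: wakeup lost = %d\n", down_killable_race(true));
    return 0;
}
```

The model only encodes the ordering argument: the killer sets the pending flag before calling wake_up_state(), and a schedule() that sets the state before looking at the pending flag is guaranteed to see one side or the other, so the sleeper can no longer miss a SIGKILL that lands in the window. It says nothing about the memory barriers the real kernel needs to make that ordering hold across CPUs.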