Re: [PATCH] fix unsafe operation in high resolution timer

From: Yong Zhang
Date: Fri Dec 24 2010 - 02:17:30 EST


On Thu, Dec 23, 2010 at 9:29 PM, Hillf Danton <dhillf@xxxxxxxxx> wrote:
> After calling the callback function of hrtimer, the timer could become
> unreliable in corner cases where the timer will no longer be queued
> and the mm segment, in which the timer is embedded, could be reclaimed
> in the callback.
>
> The unreliability is fixed by checking the result of callback before
> operating the timer again.

Though the patch is buggy, it actually explores a real problem.

We can't dereference a maybe-freed object. I'm not sure how
to fix it. Or do we just prevent hrtimer->fn from freeing the object which
contains the hrtimer?

Thomas, what's your comment?

Thanks,
Yong
>
> Signed-off-by: Hillf Danton <dhillf@xxxxxxxxx>
> ---
>
> --- a/kernel/hrtimer.c Â2010-11-01 19:54:12.000000000 +0800
> +++ b/kernel/hrtimer.c Â2010-12-23 21:17:02.000000000 +0800
> @@ -1225,6 +1225,7 @@ static void __run_hrtimer(struct hrtimer
> Â Â Â Âraw_spin_unlock(&cpu_base->lock);
> Â Â Â Âtrace_hrtimer_expire_entry(timer, now);
> Â Â Â Ârestart = fn(timer);
> + Â Â Â if (restart != HRTIMER_NORESTART)
> Â Â Â Âtrace_hrtimer_expire_exit(timer);
> Â Â Â Âraw_spin_lock(&cpu_base->lock);
>
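
Review bot: the added "if (restart != HRTIMER_NORESTART)" in front of trace_hrtimer_expire_exit(timer) means the exit tracepoint no longer fires for any timer whose callback returns HRTIMER_NORESTART, so each such expiry records trace_hrtimer_expire_entry() with no matching exit event. The return value only says whether the timer should be re-queued, not whether the callback freed the containing object, so it is a weak proxy for "the timer is gone". The new line also has no braces and the guarded call is not indented under it, which makes the scope of the condition easy to misread. Suggest keeping the trace call unconditional, or stating in the changelog why losing the exit event is acceptable.
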
> @@ -1236,11 +1237,8 @@ static void __run_hrtimer(struct hrtimer
> Â Â Â Âif (restart != HRTIMER_NORESTART) {
> Â Â Â Â Â Â Â ÂBUG_ON(timer->state != HRTIMER_STATE_CALLBACK);
> Â Â Â Â Â Â Â Âenqueue_hrtimer(timer, base);
> + Â Â Â Â Â Â Â timer->state &= ~HRTIMER_STATE_CALLBACK;
> Â Â Â Â}
> -
> - Â Â Â WARN_ON_ONCE(!(timer->state & HRTIMER_STATE_CALLBACK));
> -
> - Â Â Â timer->state &= ~HRTIMER_STATE_CALLBACK;
> Â}
>
> Â#ifdef CONFIG_HIGH_RES_TIMERS
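
Review bot: with "timer->state &= ~HRTIMER_STATE_CALLBACK;" moved inside the "restart != HRTIMER_NORESTART" branch, a timer whose callback returns HRTIMER_NORESTART without freeing its object keeps HRTIMER_STATE_CALLBACK set when __run_hrtimer() returns, because nothing in the visible lines clears the flag on that path. The hunk also removes the WARN_ON_ONCE sanity check, and the changelog does not mention either change. Suggest keeping the unconditional clear and the warning, and handling the object-lifetime problem separately, for example by documenting on __run_hrtimer() whether the callback may free the object that embeds the timer.
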
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

--
Only stand for myself.