[PATCH 07/14] module: Fix invalid wakeup in wait_for_zero_refcount

From: Libin
Date: Thu Aug 29 2013 - 10:02:09 EST


If the thread is preempted before calling set_current_state(TASK_INTERRUPTIBLE),
and the other thread sets the condition followed by wake_up_process, then when
this thread is rescheduled and calls set_current_state to set itself to state
TASK_INTERRUPTIBLE, if it is preempted again after that and before
__set_current_state(TASK_RUNNING), it triggers the invalid wakeup problem.
-----------------------
wait_for_zero_refcount()
-----------------------
...
for (;;) {
	pr_debug("Looking at refcount...\n");
	set_current_state(TASK_UNINTERRUPTIBLE);
	if (module_refcount(mod) == 0)
		break;
	schedule();
}
__set_current_state(TASK_RUNNING);
...

To solve this problem, use preempt_disable() to bound the operation that
sets the task state and the validation of the condition (set by the waking thread).
-----------------------
wait_for_zero_refcount()
-----------------------
...
preempt_disable();
for (;;) {
	pr_debug("Looking at refcount...\n");
	set_current_state(TASK_UNINTERRUPTIBLE);
	if (module_refcount(mod) == 0)
		break;
	preempt_enable();
	schedule();
	preempt_disable();
}
__set_current_state(TASK_RUNNING);
preempt_enable();
...

Signed-off-by: Libin <huawei.libin@xxxxxxxxxx>
---
kernel/module.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/module.c b/kernel/module.c
index 2069158..22064e9 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -816,14 +816,18 @@ static void wait_for_zero_refcount(struct module *mod)
{
/* Since we might sleep for some time, release the mutex first */
mutex_unlock(&module_mutex);
+ preempt_disable();
for (;;) {
pr_debug("Looking at refcount...\n");
set_current_state(TASK_UNINTERRUPTIBLE);
if (module_refcount(mod) == 0)
break;
+ preempt_enable();
schedule();
+ preempt_disable();
}
- current->state = TASK_RUNNING;
+ __set_current_state(TASK_RUNNING);
+ preempt_enable();
mutex_lock(&module_mutex);
}
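
Review bot: In the loop, `preempt_enable();` directly before `schedule();` is itself a preemption point, and it runs after set_current_state(TASK_UNINTERRUPTIBLE), so the task can still be preempted in the very state the changelog is worried about; the preempt-disabled region only covers the state store and the module_refcount() check. If preemption in that window really loses the wakeup, this hunk does not close it, so the changelog should explain why the remaining window is safe (and, if it is, why the original loop was not), or the enable before schedule() should be a variant that does not reschedule. The changelog also refers to TASK_INTERRUPTIBLE while the code here sets TASK_UNINTERRUPTIBLE, and the switch from `current->state = TASK_RUNNING;` to `__set_current_state(TASK_RUNNING);` is a separate cleanup that would be easier to review as its own patch.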

--
1.8.2.1

