[kernel/f14/master] posix-cpu-timers: workaround to suppress the problems with mt exec (rhbz#656264)

Kyle McMartin kyle at fedoraproject.org
Tue Nov 23 16:42:40 UTC 2010


commit 003654d6ca8dc89c22f14a3b168b917db8ff0ef3
Author: Kyle McMartin <kyle at mcmartin.ca>
Date:   Tue Nov 23 11:40:33 2010 -0500

    posix-cpu-timers: workaround to suppress the problems with mt exec (rhbz#656264)

 kernel.spec                                        |    7 ++
 ...karound-to-suppress-problems-with-mt-exec.patch |   60 ++++++++++++++++++++
 2 files changed, 67 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index c803bd6..860b139 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -782,6 +782,8 @@ Patch13701: ipc-shm-fix-information-leak-to-user.patch
 
 Patch13702: inet_diag-make-sure-we-run-the-same-bytecode-we-audited.patch
 
+Patch13703: posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1465,6 +1467,9 @@ ApplyPatch ipc-shm-fix-information-leak-to-user.patch
 # rhbz#651264 (CVE-2010-3880)
 ApplyPatch inet_diag-make-sure-we-run-the-same-bytecode-we-audited.patch
 
+# rhbz#656264
+ApplyPatch posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
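
Review bot: the "# rhbz#656264" comment above the new ApplyPatch line gives only the bug number and does not say that this patch is a stopgap. The patch's own description calls it "not the fix, just the temporary hack", so the spec comment should record that it is a workaround to be dropped once posix-cpu-timers handles mt exec correctly. Without that, nothing in kernel.spec distinguishes it from the permanent fixes listed around it.
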
@@ -2055,6 +2060,8 @@ fi
 - zero struct memory in ipc compat (CVE-2010-4073) (#648658)
 - zero struct memory in ipc shm (CVE-2010-4072) (#648656)
 - fix logic error in INET_DIAG bytecode auditing (CVE-2010-3880) (#651264)
+- posix-cpu-timers: workaround to suppress the problems with mt exec
+  (rhbz#656264)
 
 * Tue Nov 23 2010 Kyle McMartin <kyle at redhat.com>
 - fix-i8k-inline-asm.patch: backport gcc miscompilation fix from git
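
Review bot: the new changelog entry cites the bug as "(rhbz#656264)", while the three entries directly above it use the "(#648658)" form. Suggest "(#656264)" so the references in this changelog section stay uniform and can be matched with one pattern. It would also help to say "temporary workaround" in the entry, since the patch description states this is not the real fix.
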
diff --git a/posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch b/posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
new file mode 100644
index 0000000..7221148
--- /dev/null
+++ b/posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
@@ -0,0 +1,60 @@
+From 2876b1571839c25ce5e7485ead8417506d720c73 Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg at redhat.com>
+Date: Fri, 5 Nov 2010 16:53:42 +0100
+Subject: posix-cpu-timers: workaround to suppress the problems with mt exec
+
+posix-cpu-timers.c correctly assumes that the dying process does
+posix_cpu_timers_exit_group() and removes all !CPUCLOCK_PERTHREAD
+timers from signal->cpu_timers list.
+
+But, it also assumes that timer->it.cpu.task is always the group
+leader, and thus the dead ->task means the dead thread group.
+
+This is obviously not true after de_thread() changes the leader.
+After that almost every posix_cpu_timer_ method has problems.
+
+It is not simple to fix this bug correctly. First of all, I think
+that timer->it.cpu should use struct pid instead of task_struct.
+Also, the locking should be reworked completely. In particular,
+tasklist_lock should not be used at all. This all needs a lot of
+nontrivial and hard-to-test changes.
+
+Change __exit_signal() to do posix_cpu_timers_exit_group() when
+the old leader dies during exec. This is not the fix, just the
+temporary hack to hide the problem for 2.6.37 and stable. IOW,
+this is obviously wrong but this is what we currently have anyway:
+cpu timers do not work after mt exec.
+
+In theory this change adds another race. The exiting leader can
+detach the timers which were attached to the new leader. However,
+the window between de_thread() and release_task() is small, we
+can pretend that sys_timer_create() was called before de_thread().
+
+Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ kernel/exit.c |    8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/kernel/exit.c b/kernel/exit.c
+index ac90425..85daf1d 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -95,6 +95,14 @@ static void __exit_signal(struct task_struct *tsk)
+ 		sig->tty = NULL;
+ 	} else {
+ 		/*
++		 * This can only happen if the caller is de_thread().
++		 * FIXME: this is the temporary hack, we should teach
++		 * posix-cpu-timers to handle this case correctly.
++		 */
++		if (unlikely(has_group_leader_pid(tsk)))
++			posix_cpu_timers_exit_group(tsk);
++
++		/*
+ 		 * If there is any task waiting for the group exit
+ 		 * then notify it:
+ 		 */
+-- 
+1.7.3.2
+
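
Review bot: the comment added above the has_group_leader_pid(tsk) check in __exit_signal() leaves out the race that the commit message admits to, namely that the exiting old leader can detach timers which were attached to the new leader in the window between de_thread() and release_task(). The FIXME is the only part a reader of kernel/exit.c will see, so it should state that side effect next to "this is the temporary hack" rather than leaving it in the changelog text. It should also note that cpu timers still do not work after mt exec with this change applied, as the description says, so the call is not mistaken for a complete fix.
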

