On Wed, Feb 06, 2013 at 05:10:11PM +0100, Oleg Nesterov wrote:
> First of all, thank you so much. I knew it was a good idea to cc you ;)

:-)

> On 02/06, Stanislaw Gruszka wrote:
> >
> > In do_cpu_nanosleep() we do posix_cpu_timer_create(), but forgot the
> > corresponding posix_cpu_timer_del(), which leads to a task_struct leak.
>
> Plus, it seems we can leave the timer on ->cpu_timers list...
>
> > @@ -1403,6 +1403,7 @@ static int do_cpu_nanosleep(const clockid_t
> > which_clock, int flags,
> > /*
> > * Our timer fired and was reset.
> > */
> > + posix_cpu_timer_del(&timer);
> > spin_unlock_irq(&timer.it_lock);
> > return 0;
> > }
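Review bot: the return value of the new posix_cpu_timer_del(&timer) in this hunk is discarded, while the second hunk checks the same function for TIMER_RETRY; a one-line comment at this call stating why deletion cannot fail here (the timer has already fired and was reset, so it is no longer armed) would make the difference deliberate rather than look like an oversight.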
> > @@ -1420,9 +1421,17 @@ static int do_cpu_nanosleep(const clockid_t
> > which_clock, int flags,
> > * We were interrupted by a signal.
> > */
> > sample_to_timespec(which_clock, timer.it.cpu.expires, rqtp);
> > - posix_cpu_timer_set(&timer, 0, &zero_it, it);
> > + error = posix_cpu_timer_set(&timer, 0, &zero_it, it);
> > + if (!error)
> > + posix_cpu_timer_del(&timer);
> > spin_unlock_irq(&timer.it_lock);
> >
> > + while (error == TIMER_RETRY) {
> > + spin_lock_irq(&timer.it_lock);
> > + error = posix_cpu_timer_del(&timer);
>
> It is not clear to me why the other posix_cpu_timer_del's above can't fail..
> Maybe you can add a comment.

Sure, I'll add more comments. Once posix_cpu_timer_set(..., &zero_it, it) succeeds with a 0 return value, it is not possible for the timer to fire, so posix_cpu_timer_del() will not fail. A similar assumption holds for the first posix_cpu_timer_del() call I added in the patch.

> And I am not sure that TIMER_RETRY is the only error we should worry about.
> And perhaps we need even more posix_cpu_timer_del's?
>
> For example. Suppose that posix_cpu_timer_create() succeeds and does
> get_task_struct(p). But then p dies, and the first posix_cpu_timer_set()
> fails with -ESRCH. No?

In the second -ESRCH case posix_cpu_timer_set() internally calls put_task_struct(). It does not remove the timer from the cpu_timers list, but that is done at exit(). The first -ESRCH case, i.e. calling posix_cpu_timer_set() with timer->it.cpu.task == NULL, is not possible in our case.

BTW: I don't think we handle correctly the case when the traced process (timer->it.cpu.task) dies. The tracing process (timer->it_process) will probably not be woken up.

Stanislaw
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
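Review bot: the cleanup in the second hunk only covers error == 0 and error == TIMER_RETRY; for any other non-zero return from posix_cpu_timer_set() (the thread discusses -ESRCH when the target task has died) neither the `if (!error)` branch nor the retry loop calls posix_cpu_timer_del(), so the reasoning that posix_cpu_timer_set() already drops the task reference in that case belongs in a comment next to `if (!error)`, and the loop should state why repeating posix_cpu_timer_del() under the re-taken it_lock is expected to stop returning TIMER_RETRY.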