Thanks Stanislaw.

I think this patch is fine.

On 02/07, Stanislaw Gruszka wrote:
>
> In do_cpu_nanosleep() we call posix_cpu_timer_create(), but forgot the
> corresponding posix_cpu_timer_del(), which leads to a task_struct leak.
> 
> Reported-and-tested-by: Tommi Rantala <[email protected]>
> Signed-off-by: Stanislaw Gruszka <[email protected]>
> ---
> v1 -> v2: add comments
> 
>  kernel/posix-cpu-timers.c | 23 +++++++++++++++++++++--
>  1 file changed, 21 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
> index a278cad..942ca27 100644
> --- a/kernel/posix-cpu-timers.c
> +++ b/kernel/posix-cpu-timers.c
> @@ -1401,8 +1401,10 @@ static int do_cpu_nanosleep(const clockid_t 
> which_clock, int flags,
>               while (!signal_pending(current)) {
>                       if (timer.it.cpu.expires.sched == 0) {
>                               /*
> -                              * Our timer fired and was reset.
> +                              * Our timer fired and was reset, below
> +                              * deletion can not fail.
>                                */
> +                             posix_cpu_timer_del(&timer);
>                               spin_unlock_irq(&timer.it_lock);
>                               return 0;
>                       }
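Review bot: The return value of `posix_cpu_timer_del(&timer)` is discarded in the fired-and-reset branch, so nothing checks the new comment's claim that deletion cannot fail. If a later change breaks that invariant, the task_struct reference would leak silently again, which is the slow resource exhaustion this patch is meant to stop. Making the assumption visible would help, for example `WARN_ON_ONCE(posix_cpu_timer_del(&timer));`. The same applies to the call under `if (!error)` in the second hunk. do_cpu_nanosleep() starts and ends outside this hunk.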
> @@ -1420,9 +1422,26 @@ static int do_cpu_nanosleep(const clockid_t 
> which_clock, int flags,
>                * We were interrupted by a signal.
>                */
>               sample_to_timespec(which_clock, timer.it.cpu.expires, rqtp);
> -             posix_cpu_timer_set(&timer, 0, &zero_it, it);
> +             error = posix_cpu_timer_set(&timer, 0, &zero_it, it);
> +             if (!error) {
> +                     /*
> +                      * Timer is now unarmed, deletion can not fail.
> +                      */
> +                     posix_cpu_timer_del(&timer);
> +             }
>               spin_unlock_irq(&timer.it_lock);
>  
> +             while (error == TIMER_RETRY) {
> +                     /*
> +                      * We need to handle case when timer was or is in the
> +                      * middle of firing. In other cases we already freed
> +                      * resources.
> +                      */
> +                     spin_lock_irq(&timer.it_lock);
> +                     error = posix_cpu_timer_del(&timer);
> +                     spin_unlock_irq(&timer.it_lock);
> +             }
> +
>               if ((it->it_value.tv_sec | it->it_value.tv_nsec) == 0) {
>                       /*
>                        * It actually did fire already.
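Review bot: The `while (error == TIMER_RETRY)` loop re-takes `timer.it_lock` with interrupts disabled and retries immediately, with no back-off between attempts. If the timer is in the middle of firing on another CPU, as the comment describes, this spins at full speed until the firing path completes. Adding `cpu_relax();` after `spin_unlock_irq(&timer.it_lock);` inside the loop would be a cheap improvement. The sentence "In other cases we already freed resources" presumably relies on posix_cpu_timer_set() dropping the task reference on its other error returns, which is not visible here, so the comment should say that. The function continues past the end of this hunk, so what happens to `error` after the loop cannot be judged from here.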
> -- 
> 1.7.11.7
> 
