Commit 0f7e663d authored by Bodo Stroesser's avatar Bodo Stroesser Committed by Linus Torvalds

[PATCH] uml: Fix process exit race

tt-mode closes switch_pipes in exit_thread_tt and kills processes in
switch_to_tt, if the exit_state is EXIT_DEAD or EXIT_ZOMBIE.

In very rare cases the exiting process can be scheduled out after having set
exit_state and closed switch_pipes (from release_task it calls proc_pid_flush,
which might sleep).  If this process is to be restarted, UML failes in
switch_to_tt with:

   write of switch_pipe failed, err = 9

We fix this by closing switch_pipes not in exit_thread_tt, but later in
release_thread_tt.  Additionally, we set switch_pipe[0] = 0 after closing.
switch_to_tt must not kill "from" process depending on its exit_state, but
must kill it after release_thread was processed only, so it examines
switch_pipe[0] for its decision.
Signed-off-by: default avatarBodo Stroesser <bstroesser@fujitsu-siemens.com>
Signed-off-by: default avatarJeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent b8bd0220
...@@ -142,7 +142,6 @@ void release_thread(struct task_struct *task) ...@@ -142,7 +142,6 @@ void release_thread(struct task_struct *task)
void exit_thread(void) void exit_thread(void)
{ {
CHOOSE_MODE(exit_thread_tt(), exit_thread_skas());
unprotect_stack((unsigned long) current_thread); unprotect_stack((unsigned long) current_thread);
} }
......
...@@ -18,7 +18,6 @@ extern int copy_thread_skas(int nr, unsigned long clone_flags, ...@@ -18,7 +18,6 @@ extern int copy_thread_skas(int nr, unsigned long clone_flags,
unsigned long sp, unsigned long stack_top, unsigned long sp, unsigned long stack_top,
struct task_struct *p, struct pt_regs *regs); struct task_struct *p, struct pt_regs *regs);
extern void release_thread_skas(struct task_struct *task); extern void release_thread_skas(struct task_struct *task);
extern void exit_thread_skas(void);
extern void initial_thread_cb_skas(void (*proc)(void *), void *arg); extern void initial_thread_cb_skas(void (*proc)(void *), void *arg);
extern void init_idle_skas(void); extern void init_idle_skas(void);
extern void flush_tlb_kernel_range_skas(unsigned long start, extern void flush_tlb_kernel_range_skas(unsigned long start,
......
...@@ -83,10 +83,6 @@ void release_thread_skas(struct task_struct *task) ...@@ -83,10 +83,6 @@ void release_thread_skas(struct task_struct *task)
{ {
} }
void exit_thread_skas(void)
{
}
void fork_handler(int sig) void fork_handler(int sig)
{ {
change_sig(SIGUSR1, 1); change_sig(SIGUSR1, 1);
......
...@@ -19,7 +19,6 @@ extern int copy_thread_tt(int nr, unsigned long clone_flags, unsigned long sp, ...@@ -19,7 +19,6 @@ extern int copy_thread_tt(int nr, unsigned long clone_flags, unsigned long sp,
unsigned long stack_top, struct task_struct *p, unsigned long stack_top, struct task_struct *p,
struct pt_regs *regs); struct pt_regs *regs);
extern void release_thread_tt(struct task_struct *task); extern void release_thread_tt(struct task_struct *task);
extern void exit_thread_tt(void);
extern void initial_thread_cb_tt(void (*proc)(void *), void *arg); extern void initial_thread_cb_tt(void (*proc)(void *), void *arg);
extern void init_idle_tt(void); extern void init_idle_tt(void);
extern void flush_tlb_kernel_range_tt(unsigned long start, unsigned long end); extern void flush_tlb_kernel_range_tt(unsigned long start, unsigned long end);
......
...@@ -65,8 +65,7 @@ void *switch_to_tt(void *prev, void *next, void *last) ...@@ -65,8 +65,7 @@ void *switch_to_tt(void *prev, void *next, void *last)
panic("write of switch_pipe failed, err = %d", -err); panic("write of switch_pipe failed, err = %d", -err);
reading = 1; reading = 1;
if((from->exit_state == EXIT_ZOMBIE) || if(from->thread.mode.tt.switch_pipe[0] == -1)
(from->exit_state == EXIT_DEAD))
os_kill_process(os_getpid(), 0); os_kill_process(os_getpid(), 0);
err = os_read_file(from->thread.mode.tt.switch_pipe[0], &c, sizeof(c)); err = os_read_file(from->thread.mode.tt.switch_pipe[0], &c, sizeof(c));
...@@ -81,8 +80,7 @@ void *switch_to_tt(void *prev, void *next, void *last) ...@@ -81,8 +80,7 @@ void *switch_to_tt(void *prev, void *next, void *last)
* in case it has not already killed itself. * in case it has not already killed itself.
*/ */
prev_sched = current->thread.prev_sched; prev_sched = current->thread.prev_sched;
if((prev_sched->exit_state == EXIT_ZOMBIE) || if(prev_sched->thread.mode.tt.switch_pipe[0] == -1)
(prev_sched->exit_state == EXIT_DEAD))
os_kill_process(prev_sched->thread.mode.tt.extern_pid, 1); os_kill_process(prev_sched->thread.mode.tt.extern_pid, 1);
change_sig(SIGVTALRM, vtalrm); change_sig(SIGVTALRM, vtalrm);
...@@ -101,14 +99,18 @@ void release_thread_tt(struct task_struct *task) ...@@ -101,14 +99,18 @@ void release_thread_tt(struct task_struct *task)
{ {
int pid = task->thread.mode.tt.extern_pid; int pid = task->thread.mode.tt.extern_pid;
/*
* We first have to kill the other process, before
* closing its switch_pipe. Else it might wake up
* and receive "EOF" before we could kill it.
*/
if(os_getpid() != pid) if(os_getpid() != pid)
os_kill_process(pid, 0); os_kill_process(pid, 0);
}
void exit_thread_tt(void) os_close_file(task->thread.mode.tt.switch_pipe[0]);
{ os_close_file(task->thread.mode.tt.switch_pipe[1]);
os_close_file(current->thread.mode.tt.switch_pipe[0]); /* use switch_pipe as flag: thread is released */
os_close_file(current->thread.mode.tt.switch_pipe[1]); task->thread.mode.tt.switch_pipe[0] = -1;
} }
void suspend_new_thread(int fd) void suspend_new_thread(int fd)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment