Re: [PATCH] sigqueue_free: fix the race with collect_signal()

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Oleg Nesterov

Subject: Re: [PATCH] sigqueue_free: fix the race with collect_signal()

Date: Friday, August 24, 2007 - 1:23 pm

On 08/24, Sukadev Bhattiprolu wrote:
quoted text>
> Oleg Nesterov wrote:
> >On 08/24, taoyue wrote:
> >  
> >>Oleg Nesterov wrote:
> >>    
> >>>>collect_signal:				sigqueue_free:
> >>>>
> >>>>	list_del_init(&first->list);
> >>>>                                      spin_lock_irqsave(lock, flags);
> >>>>   
> >>>>        
> >>>                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>> 
> >>>      
> >>>>                                      if (!list_empty(&q->list))
> >>>>                                            list_del_init(&q->list);
> >>>>                                      spin_unlock_irqrestore(lock, 
> >>>>                                      flags);
> >>>>                                      q->flags &= ~SIGQUEUE_PREALLOC;
> >>>>
> >>>>      __sigqueue_free(first);		__sigqueue_free(q);
> >>>>   
> >>>>        
> >>>collect_signal() is always called under ->siglock which is also taken by
> >>>sigqueue_free(), so this is not possible.
> >>>
> >>> 
> >>>      
> >>I know, using current->sighand->siglock to prevent one sigqueue
> >>is free twice. I want to know whether it is possible that the two
> >>function is called in different thread. If that, the spin_lock is useless.
> >>    
> >
> >Not sure I understand. Yes, it is possible they are called by 2 different
> >threads, that is why we had a race. But all threads in the same thread
> >group have the same ->sighand, and thus the same ->sighand->siglock.
> >  
> 
> Oleg, if one thread can be in collect_signal() and another in 
> sigqueue_free() and both operate on the exact same sigqueue object, its 
> not clear how we prevent two calls to __sigqueue_free() to
> the same object. In that case the lock (or some lock) should be around 
> __sigqueue_free() - no ?
> 
> i.e if we enter sigqueue_free(), we will call __sigqueue_free() 
> regardless of the state.

Yes. They both will call __sigqueue_free(). But please note that __sigqueue_free()
checks SIGQUEUE_PREALLOC, which is cleared by sigqueue_free().

IOW, when sigqueue_free() unlocks ->siglock, we know that it can't be used
by collect_signal() from another thread. So we can clear SIGQUEUE_PREALLOC
and free sigqueue. We don't need this lock around sigqueue_free() to prevent
the race. collect_signal() can "see" only those sigqueues which are on list.

IOW, when sigqueue_free() takes ->siglock, colect_signal() can't run, because
it needs the same lock. Now we delete this sigqueue from list, nobody can
see it, it can't have other references. So we can unlock ->siglock, mark
sigqueue as freeable (clear SIGQUEUE_PREALLOC), and free it.

Do you agree?

Oleg.

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [PATCH] sigqueue_free: fix the race with collect_signal(), Oleg Nesterov, (Fri Aug 24, 4:08 am)

Re: [PATCH] sigqueue_free: fix the race with collect_signal(), Sukadev Bhattiprolu, (Fri Aug 24, 1:03 pm)

Re: [PATCH] sigqueue_free: fix the race with collect_signal(), Oleg Nesterov, (Fri Aug 24, 1:23 pm)

Re: [PATCH] sigqueue_free: fix the race with collect_signal(), Sukadev Bhattiprolu, (Sat Aug 25, 10:24 am)

Re: [PATCH] sigqueue_free: fix the race with collect_signal(), Oleg Nesterov, (Sat Aug 25, 10:34 am)

Re: [PATCH] sigqueue_free: fix the race with collect_signal(), taoyue, (Mon Aug 27, 6:45 am)

Navigation

Popular discussions


linux-kernel:
Kay Sievers	Re: char/tpm: tpm_infineon no longer loaded for HP 2510p laptop
Eric W. Biederman	[PATCH 8/8] sysfs: user namespaces: fix bug with clone(CLONE_NEWUSER) with fairsched
Trenton D. Adams	Re: Flash IO slow 1.5 MB/s
S K	Re: cpufreq doesn't seem to work in Intel Q9300
Alan Cox	Re: Please add ZFS support (from GPL sources)
git:
Junio C Hamano	Re: git-svnimport
Junio C Hamano	Re: [PATCH] git-mv: Keep moved index entries inact
Johannes Schindelin	Re: [PATCH] Fix approxidate("never") to always return 0
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
Juergen Ruehle	Re: [ANNOUNCE] Guilt 0.16
linux-netdev:
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
Ingo Molnar	Re: [regression] nf_iterate(), BUG: unable to handle kernel NULL pointer dereference
Eric W. Biederman	[PATCH 14/20] net: Simplify pppol2tp pernet operations.
Jeff Kirsher	[net-2.6 PATCH 2/5] e1000e: increase swflag acquisition timeout for ICHx/PCH
git-commits-head:
Linux Kernel Mailing List	ath9k_htc: Allocate URBs properly
Linux Kernel Mailing List	sm501: add power control callback
Linux Kernel Mailing List	V4L/DVB (8976): af9015: Add USB ID for AVerMedia A309
Linux Kernel Mailing List	ARM: 5670/1: bcmring: add default configuration for bcmring arch
Linux Kernel Mailing List	Rename special text sections in arch/frv from .text.XXX to .text..XXX.
openbsd-misc:
daniele.pilenga	snmpd hangs on 4.1 looking up hrSWRunTable
Christophe Rioux	Implementation example of snmp
Nick Holland	Re: booting openbsd on eee without cd-rom
Bryan Irvine	Re: OpenBSD 4.7 Released, May 19 2010
Cabillot Julien	Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA

Colocation donated by:

Syndicate