f90fff1e15
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
or debugger right after unlock_task_sighand().
If a concurrent posix_cpu_timer_del() runs at that moment, it won't be
able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or
lock_task_sighand() will fail.
Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.
This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because
exit_task_work() is called before exit_notify(). But the check still
makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail
anyway in this case.
Cc: stable@vger.kernel.org
Reported-by: Benoît Sevens <bsevens@google.com>
Fixes:
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| alarmtimer.c | ||
| clockevents.c | ||
| clocksource-wdtest.c | ||
| clocksource.c | ||
| hrtimer.c | ||
| itimer.c | ||
| jiffies.c | ||
| namespace.c | ||
| ntp.c | ||
| ntp_internal.h | ||
| posix-clock.c | ||
| posix-cpu-timers.c | ||
| posix-stubs.c | ||
| posix-timers.c | ||
| posix-timers.h | ||
| sched_clock.c | ||
| sleep_timeout.c | ||
| test_udelay.c | ||
| tick-broadcast-hrtimer.c | ||
| tick-broadcast.c | ||
| tick-common.c | ||
| tick-internal.h | ||
| tick-legacy.c | ||
| tick-oneshot.c | ||
| tick-sched.c | ||
| tick-sched.h | ||
| time.c | ||
| time_test.c | ||
| timeconst.bc | ||
| timeconv.c | ||
| timecounter.c | ||
| timekeeping.c | ||
| timekeeping.h | ||
| timekeeping_debug.c | ||
| timekeeping_internal.h | ||
| timer.c | ||
| timer_list.c | ||
| timer_migration.c | ||
| timer_migration.h | ||
| vsyscall.c | ||