Bug#: 137623
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2006-06-22 11:01 0000
do_exit() clears ->it_##clock##_expires, but nothing prevents
 another cpu to attach the timer to exiting process after that.
 arm_timer() tries to protect against this race, but the check
 is racy.

 After exit_notify() does 'write_unlock_irq(&tasklist_lock)' and
 before do_exit() calls 'schedule()', local timer interrupt can find
 tsk->exit_state != 0. If that state was EXIT_DEAD (or another cpu
 does sys_wait4) interrupted task has ->signal == NULL.

 At this moment exiting task has no pending cpu timers, they were
 cleaned up in __exit_signal()->posix_cpu_timers_exit{,_group}(),
 so we can just return from irq.

 John Stultz recently confirmed this bug, see

 http://marc.theaimsgroup.com/?l=linux-kernel&m=115015841413687

------- Comment #1 From Tim Yamin (RETIRED) 2006-06-24 13:03:37 0000 -------
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=30f1e3dd8c72abda343bcf415f7d8894a02b4290

------- Comment #2 From Tim Yamin (RETIRED) 2006-06-24 13:09:14 0000 -------
dsd: Please add to genpatches-2.6.16.

------- Comment #3 From Daniel Drake 2006-07-01 04:51:42 0000 -------
Fixed in gentoo-sources-2.6.16-r11 / genpatches-2.6.16-23

------- Comment #4 From Tim Yamin (RETIRED) 2006-07-02 08:36:37 0000 -------
Maintainers please bump to 2.6.16.23 preferably or genpatches-2.6.16-13; does
not affect 2.6.17:

ck-sources-2.6.16: marineam
hardened-sources-2.6: johnm, hardened
mips-sources-2.6.16: `Kumba
rsbac-sources-2.6: kang
sh-sources-2.6: vapier
suspend2-sources-2.6: brix
usermode-sources-2.6: dang
xbox-sources-2.6: chrb, gimli
xen-sources-2.6: chrb, agriffis

------- Comment #5 From Daniel Gryniewicz 2006-07-03 11:03:03 0000 -------
usermode-sources done.

------- Comment #6 From Henrik Brix Andersen 2006-07-04 11:05:31 0000 -------
Fixed in sys-kernel/suspend2-sources-2.6.16-r10.

------- Comment #7 From Micheal Marineau 2006-07-09 16:36:40 0000 -------
Fixed in ck-sources-2.6.16_p12-r1.

------- Comment #8 From Tim Yamin (RETIRED) 2006-08-07 13:50:50 0000 -------
All fixed, closing bug. rsbac-sources masked.
