kevin/linux
1
Fork 0
Code
226a6b84aa
linux/kernel
History
Porpoise 3439dd86e3 [PATCH] When CONFIG_BASE_SMALL=1, cascade() may enter an infinite loop 
When CONFIG_BASE_SAMLL=1, cascade() in may enter the infinite loop.
Because of CONFIG_BASE_SMALL=1(TVR_BITS=6 and TVN_BITS=4), the list
base->tv5 may cascade into base->tv5.  So, the kernel enters the infinite
loop in the function cascade().

I created a test module to verify this bug, and a patch to fix it.

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/timer.h>
#if 0
#include <linux/kdb.h>
#else
#define kdb_printf printk
#endif

#define TVN_BITS (CONFIG_BASE_SMALL ? 4 : 6)
#define TVR_BITS (CONFIG_BASE_SMALL ? 6 : 8)
#define TVN_SIZE (1 << TVN_BITS)
#define TVR_SIZE (1 << TVR_BITS)
#define TVN_MASK (TVN_SIZE - 1)
#define TVR_MASK (TVR_SIZE - 1)

#define TV_SIZE(N)  (N*TVN_BITS  + TVR_BITS)

struct timer_list timer0;
struct timer_list dummy_timer1;
struct timer_list dummy_timer2;

void dummy_timer_fun(unsigned long data) {
}
unsigned long j=0;
void check_timer_base(unsigned long data)
{
        kdb_printf("check_timer_base %08x\n",jiffies);
        mod_timer(&timer0,(jiffies & (~0xFFF)) + 0x1FFF);
}

int init_module(void)
{
        init_timer(&timer0);
        timer0.data = (unsigned long)0;
        timer0.function = check_timer_base;
        mod_timer(&timer0,jiffies+1);

        init_timer(&dummy_timer1);
        dummy_timer1.data = (unsigned long)0;
        dummy_timer1.function = dummy_timer_fun;

        init_timer(&dummy_timer2);
        dummy_timer2.data = (unsigned long)0;
        dummy_timer2.function = dummy_timer_fun;

        j=jiffies;
        j&=(~((1<<TV_SIZE(3))-1));
        j+=(1<<TV_SIZE(3));
        j+=(1<<TV_SIZE(4));

        kdb_printf("mod_timer %08x\n",j);

        mod_timer(&dummy_timer1, j );
        mod_timer(&dummy_timer2, j );

        return 0;
}

void cleanup_module()
{
        del_timer_sync(&timer0);
        del_timer_sync(&dummy_timer1);
        del_timer_sync(&dummy_timer2);
}

(Cleanups from Oleg)

[oleg@tv-sign.ru: use list_replace_init()]
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Matt Mackall <mpm@selenic.com>
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-23 07:43:08 -07:00
..
irq [PATCH] make noirqdebug/irqfixup __read_mostly, add (un)likely() 2006-06-23 07:43:05 -07:00
power [PATCH] swsusp: use less memory during resume 2006-06-23 07:43:00 -07:00
.gitignore gitignore: ignore more generated files 2006-01-03 11:35:26 +01:00
acct.c [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
audit.c [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00
audit.h [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00
auditfilter.c [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00
auditsc.c [PATCH] Doc: add audit & acct to DocBook 2006-06-23 07:43:07 -07:00
capability.c [PATCH] refactor capable() to one implementation, add __capable() helper 2006-03-25 08:22:56 -08:00
compat.c [PATCH] move_pages: fix 32 -> 64 bit compat function 2006-06-23 07:42:53 -07:00
configs.c update the email address of Randy Dunlap 2006-01-03 13:37:51 +01:00
cpu.c [PATCH] Notifier chain update: API changes 2006-03-27 08:44:50 -08:00
cpuset.c [PATCH] SELinux: add security hook call to mediate attach_task (kernel/cpuset.c) 2006-06-23 07:42:54 -07:00
dma.c
exec_domain.c [PATCH] Fix module refcount leak in __set_personality() 2006-03-24 07:33:30 -08:00
exit.c [PATCH] run_posix_cpu_timers: remove a bogus BUG_ON() 2006-06-17 10:52:13 -07:00
extable.c [PATCH] symbol_put_addr() locks kernel 2006-05-15 11:20:55 -07:00
fork.c [PATCH] dup fd error fix 2006-06-23 07:43:04 -07:00
futex_compat.c [PATCH] futex: check and validate timevals 2006-03-31 12:18:59 -08:00
futex.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
hrtimer.c Merge git://git.infradead.org/~dwmw2/rbtree-2.6 2006-06-20 14:51:22 -07:00
itimer.c [PATCH] hrtimers: remove data field 2006-03-26 08:57:03 -08:00
kallsyms.c [PATCH] fix missing includes 2005-10-30 17:37:32 -08:00
Kconfig.hz
Kconfig.preempt
kexec.c [PATCH] Add a sysfs file to determine if a kexec kernel is loaded 2006-06-23 07:43:02 -07:00
kfifo.c [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
kmod.c [PATCH] wait_for_helper: trivial style cleanup 2006-03-28 18:36:41 -08:00
kprobes.c [PATCH] kprobes: NULL out non-relevant fields in struct kretprobe 2006-04-20 07:54:03 -07:00
ksysfs.c [PATCH] Add a sysfs file to determine if a kexec kernel is loaded 2006-06-23 07:43:02 -07:00
kthread.c [PATCH] find_task_by_pid() needs tasklist_lock 2006-03-25 08:22:57 -08:00
Makefile Finally remove the obnoxious inter_module_xxx() 2006-05-08 22:40:05 +01:00
module.c [PATCH] symbol_put_addr() locks kernel 2006-05-15 11:20:55 -07:00
mutex-debug.c [PATCH] fix/simplify mutex debugging code 2006-01-11 08:14:16 -08:00
mutex-debug.h [PATCH] mutex subsystem, debugging code 2006-01-09 15:59:20 -08:00
mutex.c [PATCH] mutex: trivial whitespace cleanups 2006-01-10 14:27:59 -08:00
mutex.h [PATCH] mutex subsystem, core 2006-01-09 15:59:19 -08:00
panic.c [PATCH] the scheduled unexport of panic_timeout 2006-04-11 06:18:40 -07:00
params.c [PATCH] Change dash2underscore() return value to char 2006-03-28 09:16:03 -08:00
pid.c [PATCH] pidhash: Refactor the pid hash table 2006-03-31 12:19:00 -08:00
posix-cpu-timers.c [PATCH] arm_timer: remove a racy and obsolete PF_EXITING check 2006-06-17 10:52:13 -07:00
posix-timers.c [PATCH] hrtimers: remove data field 2006-03-26 08:57:03 -08:00
printk.c Add support for suspending and resuming the whole console subsystem 2006-06-19 18:16:01 -07:00
profile.c [PATCH] Remove __devinit and __cpuinit from notifier_call definitions 2006-04-26 08:30:03 -07:00
ptrace.c ptrace_attach: fix possible deadlock schenario with irqs 2006-05-11 11:08:49 -07:00
rcupdate.c [PATCH] Make RCU API inaccessible to non-GPL Linux kernel modules 2006-06-23 07:43:07 -07:00
rcutorture.c [PATCH] for_each_possible_cpu: fixes for generic part 2006-03-28 09:16:05 -08:00
relay.c [PATCH] relay: consolidate sendfile() and read() code 2006-03-23 19:58:45 +01:00
resource.c [PATCH] kernel/resource.c: __check_region(): remove pointless __deprecated 2006-01-10 08:02:02 -08:00
sched.c [PATCH] cond_resched() might_sleep() fix 2006-06-23 07:43:04 -07:00
seccomp.c
signal.c [PATCH] collect sid of those who send signals to auditd 2006-06-20 05:25:21 -04:00
softirq.c [PATCH] Remove __devinit and __cpuinit from notifier_call definitions 2006-04-26 08:30:03 -07:00
softlockup.c [PATCH] Remove __devinit and __cpuinit from notifier_call definitions 2006-04-26 08:30:03 -07:00
spinlock.c [PATCH] BUILD_LOCK_OPS: cleanup preempt_disable() usage 2006-03-23 07:38:16 -08:00
stop_machine.c [PATCH] Remove set_fs() in stop_machine() 2006-01-10 08:01:25 -08:00
sys_ni.c [PATCH] sys_move_pages: 32bit support (i386, x86_64) 2006-06-23 07:42:53 -07:00
sys.c [PATCH] kernel/sys.c doesn't need init.h 2006-06-23 07:43:07 -07:00
sysctl.c [PATCH] CONFIG_NET=n build fix 2006-06-23 07:43:06 -07:00
time.c Fix comments: s/granuality/granularity/ 2006-04-01 01:41:22 +02:00
timer.c [PATCH] When CONFIG_BASE_SMALL=1, cascade() may enter an infinite loop 2006-06-23 07:43:08 -07:00
uid16.c [PATCH] Add more prevent_tail_call() 2006-04-19 16:27:18 -07:00
user.c [PATCH] selinux: add hooks for key subsystem 2006-06-22 15:05:55 -07:00
wait.c
workqueue.c [PATCH] list: use list_replace_init() instead of list_splice_init() 2006-06-23 07:43:07 -07:00