PROBLEM: possible proceses leak

[Andrew Volkov]

Hi all,

In all kernels (up to 2.6-test11) next sequence of code 
in __down/__down_interruptible function 
(arch/i386/kernel/semaphore.c) may cause processes or threads leaking.

void __down(struct semaphore * sem)
{
	struct task_struct *tsk = current;
	DECLARE_WAITQUEUE(wait, tsk);

|-----tsk->state = TASK_UNINTERRUPTIBLE;		<----- BUG: 
|          -- If "do_schedule" from kernel/schedule will calling
|              at this point, due to expire of time slice,
|              then current task will removed from run_queue,
| 		   but doesn't added to any waiting queue, and hence 
|	         will never run again. --
|	add_wait_queue_exclusive(&sem->wait, &wait);
|
|->	--- This code must be here. ---

	spin_lock_irq(&semaphore_lock);
	sem->sleepers++;
	for (;;) {
		int sleepers = sem->sleepers;

		/*
		 * Add "everybody else" into it. They aren't
		 * playing, because we own the spinlock.
		 */
		if (!atomic_add_negative(sleepers - 1, &sem->count)) {
			sem->sleepers = 0;
			break;
		}
		sem->sleepers = 1;	/* us - see -1 above */
		spin_unlock_irq(&semaphore_lock);

		schedule();
		tsk->state = TASK_UNINTERRUPTIBLE; 
		spin_lock_irq(&semaphore_lock);
	}
	spin_unlock_irq(&semaphore_lock);

--->  Must be here.
|
|	remove_wait_queue(&sem->wait, &wait);	<----- SAME BUG
------tsk->state = TASK_RUNNING;
	wake_up(&sem->wait);

This bug in all  arch/*/kernel/semaphore.c files.

Regards
Andrey Volkov





-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/