Skip to content

Commit 55e8c8e

Browse files
ebiedermKAGA-KOKO
ebiederm
authored and
KAGA-KOKO
committed
posix-cpu-timers: Store a reference to a pid not a task
posix cpu timers do not handle the death of a process well. This is most clearly seen when a multi-threaded process calls exec from a thread that is not the leader of the thread group. The posix cpu timer code continues to pin the old thread group leader and is unable to find the siglock from there. This results in posix_cpu_timer_del being unable to delete a timer, posix_cpu_timer_set being unable to set a timer. Further to compensate for the problems in posix_cpu_timer_del on a multi-threaded exec all timers that point at the multi-threaded task are stopped. The code for the timers fundamentally needs to check if the target process/thread is alive. This needs an extra level of indirection. This level of indirection is already available in struct pid. So replace cpu.task with cpu.pid to get the needed extra layer of indirection. In addition to handling things more cleanly this reduces the amount of memory a timer can pin when a process exits and then is reaped from a task_struct to the vastly smaller struct pid. Fixes: e0a7021 ("posix-cpu-timers: workaround to suppress the problems with mt exec") Signed-off-by: "Eric W. Biederman" <[email protected]> Signed-off-by: Thomas Gleixner <[email protected]> Link: https://lkml.kernel.org/r/[email protected]
1 parent beb41d9 commit 55e8c8e

File tree

2 files changed

+56
-19
lines changed

2 files changed

+56
-19
lines changed

include/linux/posix-timers.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@ static inline int clockid_to_fd(const clockid_t clk)
6969
struct cpu_timer {
7070
struct timerqueue_node node;
7171
struct timerqueue_head *head;
72-
struct task_struct *task;
72+
struct pid *pid;
7373
struct list_head elist;
7474
int firing;
7575
};

kernel/time/posix-cpu-timers.c

Lines changed: 55 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -118,6 +118,16 @@ static inline int validate_clock_permissions(const clockid_t clock)
118118
return __get_task_for_clock(clock, false, false) ? 0 : -EINVAL;
119119
}
120120

121+
static inline enum pid_type cpu_timer_pid_type(struct k_itimer *timer)
122+
{
123+
return CPUCLOCK_PERTHREAD(timer->it_clock) ? PIDTYPE_PID : PIDTYPE_TGID;
124+
}
125+
126+
static inline struct task_struct *cpu_timer_task_rcu(struct k_itimer *timer)
127+
{
128+
return pid_task(timer->it.cpu.pid, cpu_timer_pid_type(timer));
129+
}
130+
121131
/*
122132
* Update expiry time from increment, and increase overrun count,
123133
* given the current clock sample.
@@ -391,7 +401,12 @@ static int posix_cpu_timer_create(struct k_itimer *new_timer)
391401

392402
new_timer->kclock = &clock_posix_cpu;
393403
timerqueue_init(&new_timer->it.cpu.node);
394-
new_timer->it.cpu.task = p;
404+
new_timer->it.cpu.pid = get_task_pid(p, cpu_timer_pid_type(new_timer));
405+
/*
406+
* get_task_for_clock() took a reference on @p. Drop it as the timer
407+
* holds a reference on the pid of @p.
408+
*/
409+
put_task_struct(p);
395410
return 0;
396411
}
397412

@@ -404,13 +419,15 @@ static int posix_cpu_timer_create(struct k_itimer *new_timer)
404419
static int posix_cpu_timer_del(struct k_itimer *timer)
405420
{
406421
struct cpu_timer *ctmr = &timer->it.cpu;
407-
struct task_struct *p = ctmr->task;
408422
struct sighand_struct *sighand;
423+
struct task_struct *p;
409424
unsigned long flags;
410425
int ret = 0;
411426

412-
if (WARN_ON_ONCE(!p))
413-
return -EINVAL;
427+
rcu_read_lock();
428+
p = cpu_timer_task_rcu(timer);
429+
if (!p)
430+
goto out;
414431

415432
/*
416433
* Protect against sighand release/switch in exit/exec and process/
@@ -432,8 +449,10 @@ static int posix_cpu_timer_del(struct k_itimer *timer)
432449
unlock_task_sighand(p, &flags);
433450
}
434451

452+
out:
453+
rcu_read_unlock();
435454
if (!ret)
436-
put_task_struct(p);
455+
put_pid(ctmr->pid);
437456

438457
return ret;
439458
}
@@ -561,13 +580,21 @@ static int posix_cpu_timer_set(struct k_itimer *timer, int timer_flags,
561580
clockid_t clkid = CPUCLOCK_WHICH(timer->it_clock);
562581
u64 old_expires, new_expires, old_incr, val;
563582
struct cpu_timer *ctmr = &timer->it.cpu;
564-
struct task_struct *p = ctmr->task;
565583
struct sighand_struct *sighand;
584+
struct task_struct *p;
566585
unsigned long flags;
567586
int ret = 0;
568587

569-
if (WARN_ON_ONCE(!p))
570-
return -EINVAL;
588+
rcu_read_lock();
589+
p = cpu_timer_task_rcu(timer);
590+
if (!p) {
591+
/*
592+
* If p has just been reaped, we can no
593+
* longer get any information about it at all.
594+
*/
595+
rcu_read_unlock();
596+
return -ESRCH;
597+
}
571598

572599
/*
573600
* Use the to_ktime conversion because that clamps the maximum
@@ -584,8 +611,10 @@ static int posix_cpu_timer_set(struct k_itimer *timer, int timer_flags,
584611
* If p has just been reaped, we can no
585612
* longer get any information about it at all.
586613
*/
587-
if (unlikely(sighand == NULL))
614+
if (unlikely(sighand == NULL)) {
615+
rcu_read_unlock();
588616
return -ESRCH;
617+
}
589618

590619
/*
591620
* Disarm any old timer after extracting its expiry time.
@@ -690,6 +719,7 @@ static int posix_cpu_timer_set(struct k_itimer *timer, int timer_flags,
690719

691720
ret = 0;
692721
out:
722+
rcu_read_unlock();
693723
if (old)
694724
old->it_interval = ns_to_timespec64(old_incr);
695725

@@ -701,18 +731,20 @@ static void posix_cpu_timer_get(struct k_itimer *timer, struct itimerspec64 *itp
701731
clockid_t clkid = CPUCLOCK_WHICH(timer->it_clock);
702732
struct cpu_timer *ctmr = &timer->it.cpu;
703733
u64 now, expires = cpu_timer_getexpires(ctmr);
704-
struct task_struct *p = ctmr->task;
734+
struct task_struct *p;
705735

706-
if (WARN_ON_ONCE(!p))
707-
return;
736+
rcu_read_lock();
737+
p = cpu_timer_task_rcu(timer);
738+
if (!p)
739+
goto out;
708740

709741
/*
710742
* Easy part: convert the reload time.
711743
*/
712744
itp->it_interval = ktime_to_timespec64(timer->it_interval);
713745

714746
if (!expires)
715-
return;
747+
goto out;
716748

717749
/*
718750
* Sample the clock to take the difference with the expiry time.
@@ -732,6 +764,8 @@ static void posix_cpu_timer_get(struct k_itimer *timer, struct itimerspec64 *itp
732764
itp->it_value.tv_nsec = 1;
733765
itp->it_value.tv_sec = 0;
734766
}
767+
out:
768+
rcu_read_unlock();
735769
}
736770

737771
#define MAX_COLLECTED 20
@@ -952,14 +986,15 @@ static void check_process_timers(struct task_struct *tsk,
952986
static void posix_cpu_timer_rearm(struct k_itimer *timer)
953987
{
954988
clockid_t clkid = CPUCLOCK_WHICH(timer->it_clock);
955-
struct cpu_timer *ctmr = &timer->it.cpu;
956-
struct task_struct *p = ctmr->task;
989+
struct task_struct *p;
957990
struct sighand_struct *sighand;
958991
unsigned long flags;
959992
u64 now;
960993

961-
if (WARN_ON_ONCE(!p))
962-
return;
994+
rcu_read_lock();
995+
p = cpu_timer_task_rcu(timer);
996+
if (!p)
997+
goto out;
963998

964999
/*
9651000
* Fetch the current sample and update the timer's expiry time.
@@ -974,13 +1009,15 @@ static void posix_cpu_timer_rearm(struct k_itimer *timer)
9741009
/* Protect timer list r/w in arm_timer() */
9751010
sighand = lock_task_sighand(p, &flags);
9761011
if (unlikely(sighand == NULL))
977-
return;
1012+
goto out;
9781013

9791014
/*
9801015
* Now re-arm for the new expiry time.
9811016
*/
9821017
arm_timer(timer, p);
9831018
unlock_task_sighand(p, &flags);
1019+
out:
1020+
rcu_read_unlock();
9841021
}
9851022

9861023
/**

0 commit comments

Comments
 (0)