davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
kernel-ark/kernel
History
Porpoise 3439dd86e3 [PATCH] When CONFIG_BASE_SMALL=1, cascade() may enter an infinite loop 
When CONFIG_BASE_SAMLL=1, cascade() in may enter the infinite loop.
Because of CONFIG_BASE_SMALL=1(TVR_BITS=6 and TVN_BITS=4), the list
base->tv5 may cascade into base->tv5.  So, the kernel enters the infinite
loop in the function cascade().

I created a test module to verify this bug, and a patch to fix it.

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/timer.h>
#if 0
#include <linux/kdb.h>
#else
#define kdb_printf printk
#endif

#define TVN_BITS (CONFIG_BASE_SMALL ? 4 : 6)
#define TVR_BITS (CONFIG_BASE_SMALL ? 6 : 8)
#define TVN_SIZE (1 << TVN_BITS)
#define TVR_SIZE (1 << TVR_BITS)
#define TVN_MASK (TVN_SIZE - 1)
#define TVR_MASK (TVR_SIZE - 1)

#define TV_SIZE(N)  (N*TVN_BITS  + TVR_BITS)

struct timer_list timer0;
struct timer_list dummy_timer1;
struct timer_list dummy_timer2;

void dummy_timer_fun(unsigned long data) {
}
unsigned long j=0;
void check_timer_base(unsigned long data)
{
        kdb_printf("check_timer_base %08x\n",jiffies);
        mod_timer(&timer0,(jiffies & (~0xFFF)) + 0x1FFF);
}

int init_module(void)
{
        init_timer(&timer0);
        timer0.data = (unsigned long)0;
        timer0.function = check_timer_base;
        mod_timer(&timer0,jiffies+1);

        init_timer(&dummy_timer1);
        dummy_timer1.data = (unsigned long)0;
        dummy_timer1.function = dummy_timer_fun;

        init_timer(&dummy_timer2);
        dummy_timer2.data = (unsigned long)0;
        dummy_timer2.function = dummy_timer_fun;

        j=jiffies;
        j&=(~((1<<TV_SIZE(3))-1));
        j+=(1<<TV_SIZE(3));
        j+=(1<<TV_SIZE(4));

        kdb_printf("mod_timer %08x\n",j);

        mod_timer(&dummy_timer1, j );
        mod_timer(&dummy_timer2, j );

        return 0;
}

void cleanup_module()
{
        del_timer_sync(&timer0);
        del_timer_sync(&dummy_timer1);
        del_timer_sync(&dummy_timer2);
}

(Cleanups from Oleg)

[oleg@tv-sign.ru: use list_replace_init()]
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Matt Mackall <mpm@selenic.com>
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-23 07:43:08 -07:00
..
irq
[PATCH] make noirqdebug/irqfixup __read_mostly, add (un)likely()
2006-06-23 07:43:05 -07:00
power
[PATCH] swsusp: use less memory during resume
2006-06-23 07:43:00 -07:00
.gitignore
gitignore: ignore more generated files
2006-01-03 11:35:26 +01:00
acct.c
[PATCH] VFS: Permit filesystem to perform statfs with a known root dentry
2006-06-23 07:42:45 -07:00
audit.c
[PATCH] log more info for directory entry change events
2006-06-20 05:25:28 -04:00
audit.h
[PATCH] log more info for directory entry change events
2006-06-20 05:25:28 -04:00
auditfilter.c
[PATCH] log more info for directory entry change events
2006-06-20 05:25:28 -04:00
auditsc.c
[PATCH] Doc: add audit & acct to DocBook
2006-06-23 07:43:07 -07:00
capability.c
[PATCH] refactor capable() to one implementation, add __capable() helper
2006-03-25 08:22:56 -08:00
compat.c
[PATCH] move_pages: fix 32 -> 64 bit compat function
2006-06-23 07:42:53 -07:00
configs.c
update the email address of Randy Dunlap
2006-01-03 13:37:51 +01:00
cpu.c
[PATCH] Notifier chain update: API changes
2006-03-27 08:44:50 -08:00
cpuset.c
[PATCH] SELinux: add security hook call to mediate attach_task (kernel/cpuset.c)
2006-06-23 07:42:54 -07:00
dma.c
Linux-2.6.12-rc2
2005-04-16 15:20:36 -07:00
exec_domain.c
[PATCH] Fix module refcount leak in __set_personality()
2006-03-24 07:33:30 -08:00
exit.c
[PATCH] run_posix_cpu_timers: remove a bogus BUG_ON()
2006-06-17 10:52:13 -07:00
extable.c
[PATCH] symbol_put_addr() locks kernel
2006-05-15 11:20:55 -07:00
fork.c
[PATCH] dup fd error fix
2006-06-23 07:43:04 -07:00
futex_compat.c
[PATCH] futex: check and validate timevals
2006-03-31 12:18:59 -08:00
futex.c
[PATCH] VFS: Permit filesystem to override root dentry on mount
2006-06-23 07:42:45 -07:00
hrtimer.c
Merge git://git.infradead.org/~dwmw2/rbtree-2.6
2006-06-20 14:51:22 -07:00
itimer.c
[PATCH] hrtimers: remove data field
2006-03-26 08:57:03 -08:00
kallsyms.c
[PATCH] fix missing includes
2005-10-30 17:37:32 -08:00
Kconfig.hz
[PATCH] i386: Selectable Frequency of the Timer Interrupt
2005-06-23 09:45:10 -07:00
Kconfig.preempt
[PATCH] sched: voluntary kernel preemption
2005-06-25 16:24:45 -07:00
kexec.c
[PATCH] Add a sysfs file to determine if a kexec kernel is loaded
2006-06-23 07:43:02 -07:00
kfifo.c
[PATCH] gfp flags annotations - part 1
2005-10-08 15:00:57 -07:00
kmod.c
[PATCH] wait_for_helper: trivial style cleanup
2006-03-28 18:36:41 -08:00
kprobes.c
[PATCH] kprobes: NULL out non-relevant fields in struct kretprobe
2006-04-20 07:54:03 -07:00
ksysfs.c
[PATCH] Add a sysfs file to determine if a kexec kernel is loaded
2006-06-23 07:43:02 -07:00
kthread.c
[PATCH] find_task_by_pid() needs tasklist_lock
2006-03-25 08:22:57 -08:00
Makefile
Finally remove the obnoxious inter_module_xxx()
2006-05-08 22:40:05 +01:00
module.c
[PATCH] symbol_put_addr() locks kernel
2006-05-15 11:20:55 -07:00
mutex-debug.c
[PATCH] fix/simplify mutex debugging code
2006-01-11 08:14:16 -08:00
mutex-debug.h
[PATCH] mutex subsystem, debugging code
2006-01-09 15:59:20 -08:00
mutex.c
[PATCH] mutex: trivial whitespace cleanups
2006-01-10 14:27:59 -08:00
mutex.h
[PATCH] mutex subsystem, core
2006-01-09 15:59:19 -08:00
panic.c
[PATCH] the scheduled unexport of panic_timeout
2006-04-11 06:18:40 -07:00
params.c
[PATCH] Change dash2underscore() return value to char
2006-03-28 09:16:03 -08:00
pid.c
[PATCH] pidhash: Refactor the pid hash table
2006-03-31 12:19:00 -08:00
posix-cpu-timers.c
[PATCH] arm_timer: remove a racy and obsolete PF_EXITING check
2006-06-17 10:52:13 -07:00
posix-timers.c
[PATCH] hrtimers: remove data field
2006-03-26 08:57:03 -08:00
printk.c
Add support for suspending and resuming the whole console subsystem
2006-06-19 18:16:01 -07:00
profile.c
[PATCH] Remove __devinit and __cpuinit from notifier_call definitions
2006-04-26 08:30:03 -07:00
ptrace.c
ptrace_attach: fix possible deadlock schenario with irqs
2006-05-11 11:08:49 -07:00
rcupdate.c
[PATCH] Make RCU API inaccessible to non-GPL Linux kernel modules
2006-06-23 07:43:07 -07:00
rcutorture.c
[PATCH] for_each_possible_cpu: fixes for generic part
2006-03-28 09:16:05 -08:00
relay.c
[PATCH] relay: consolidate sendfile() and read() code
2006-03-23 19:58:45 +01:00
resource.c
[PATCH] kernel/resource.c: __check_region(): remove pointless __deprecated
2006-01-10 08:02:02 -08:00
sched.c
[PATCH] cond_resched() might_sleep() fix
2006-06-23 07:43:04 -07:00
seccomp.c
Linux-2.6.12-rc2
2005-04-16 15:20:36 -07:00
signal.c
[PATCH] collect sid of those who send signals to auditd
2006-06-20 05:25:21 -04:00
softirq.c
[PATCH] Remove __devinit and __cpuinit from notifier_call definitions
2006-04-26 08:30:03 -07:00
softlockup.c
[PATCH] Remove __devinit and __cpuinit from notifier_call definitions
2006-04-26 08:30:03 -07:00
spinlock.c
[PATCH] BUILD_LOCK_OPS: cleanup preempt_disable() usage
2006-03-23 07:38:16 -08:00
stop_machine.c
[PATCH] Remove set_fs() in stop_machine()
2006-01-10 08:01:25 -08:00
sys_ni.c
[PATCH] sys_move_pages: 32bit support (i386, x86_64)
2006-06-23 07:42:53 -07:00
sys.c
[PATCH] kernel/sys.c doesn't need init.h
2006-06-23 07:43:07 -07:00
sysctl.c
[PATCH] CONFIG_NET=n build fix
2006-06-23 07:43:06 -07:00
time.c
Fix comments: s/granuality/granularity/
2006-04-01 01:41:22 +02:00
timer.c
[PATCH] When CONFIG_BASE_SMALL=1, cascade() may enter an infinite loop
2006-06-23 07:43:08 -07:00
uid16.c
[PATCH] Add more prevent_tail_call()
2006-04-19 16:27:18 -07:00
user.c
[PATCH] selinux: add hooks for key subsystem
2006-06-22 15:05:55 -07:00
wait.c
Linux-2.6.12-rc2
2005-04-16 15:20:36 -07:00
workqueue.c
[PATCH] list: use list_replace_init() instead of list_splice_init()
2006-06-23 07:43:07 -07:00