    [PATCH] s390: pfault interrupt race · b6d09449
    Martin Schwidefsky authored
    There is a race in pfault_interrupt.  That function gets called two times for
    each pfault notification.  Once with a subcode of 0 to indicate that a real
    page is not available and once with a subcode of 0x80 to indicate that the
    page is present again.
    
    Since the two external interrupts can be delivered on two different cpus the
    order in which the two calls are made is unpredictable.  It is possible that
    the subcode 0x80 interrupt is completed before the subcode 0x00 interrupt has
    done the wake_up() call.
    
    To avoid calling wake_up() on an already removed task structure, proper task
    structure reference counting is needed.  Increase the reference counter in the
    subcode 0x00 interrupt before setting pfault_wait to zero and return the
    reference after the wake_up call.
    Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fault.c 16.7 KB