From: Arun Sharma <arun.sharma@google.com>

Fix run_posix_cpu_timers()/do_exit() race condition

CPU0:

do_exit()
tsk->flags |= PF_EXITING;
/* Make sure we don't try to process any timer firings
 * while we are already exiting.
 */
tsk->it_virt_expires = cputime_zero;
tsk->it_prof_expires = cputime_zero;
tsk->it_sched_expires = 0;

<window>

  exit_notify()
  tsk->exit_state = xxx;

CPU1 (executes this code in the <window>):

setitimer()
process_timer_rebalance()
tsk->it_prof_expires=xxx;

This triggers the BUG_ON(tsk->exit_state) in run_posix_cpu_timers().

Signed-off-by: Arun Sharma <arun.sharma@google.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: george anzinger <george@mvista.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 kernel/posix-cpu-timers.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff -puN kernel/posix-cpu-timers.c~posix-timers-smp-race-condition kernel/posix-cpu-timers.c
--- 25/kernel/posix-cpu-timers.c~posix-timers-smp-race-condition	Fri Sep 23 16:00:34 2005
+++ 25-akpm/kernel/posix-cpu-timers.c	Fri Sep 23 16:00:34 2005
@@ -500,7 +500,7 @@ static void process_timer_rebalance(stru
 		left = cputime_div(cputime_sub(expires.cpu, val.cpu),
 				   nthreads);
 		do {
-			if (!unlikely(t->exit_state)) {
+			if (!unlikely(t->flags & PF_EXITING)) {
 				ticks = cputime_add(prof_ticks(t), left);
 				if (cputime_eq(t->it_prof_expires,
 					       cputime_zero) ||
@@ -515,7 +515,7 @@ static void process_timer_rebalance(stru
 		left = cputime_div(cputime_sub(expires.cpu, val.cpu),
 				   nthreads);
 		do {
-			if (!unlikely(t->exit_state)) {
+			if (!unlikely(t->flags & PF_EXITING)) {
 				ticks = cputime_add(virt_ticks(t), left);
 				if (cputime_eq(t->it_virt_expires,
 					       cputime_zero) ||
@@ -530,7 +530,7 @@ static void process_timer_rebalance(stru
 		nsleft = expires.sched - val.sched;
 		do_div(nsleft, nthreads);
 		do {
-			if (!unlikely(t->exit_state)) {
+			if (!unlikely(t->flags & PF_EXITING)) {
 				ns = t->sched_time + nsleft;
 				if (t->it_sched_expires == 0 ||
 				    t->it_sched_expires > ns) {
_