From: Roland McGrath

Fix bug identified by Alexander Nyberg

> The problem arises from code touching the union in alloc_posix_timer()
> which makes firing go non-zero. When firing is checked in
> posix_cpu_timer_set() it will be positive causing an infinite loop.
>
> So either the below fix or preferably move the INIT_LIST_HEAD(x) from
> alloc_posix_timer() to somewhere later where it doesn't disturb the other
> union members.

Thanks for finding this problem. The latter is what I think is the right solution. This patch does that, and also removes some superfluous rezeroing.

Signed-off-by: Roland McGrath
Signed-off-by: Andrew Morton
--- 25-akpm/kernel/posix-timers.c | 4 +--- 1 files changed, 1 insertion(+), 3 deletions(-) diff -puN kernel/posix-timers.c~posix-timers-cpu-clock-support-for-posix-timers-fix3 kernel/posix-timers.c --- 25/kernel/posix-timers.c~posix-timers-cpu-clock-support-for-posix-timers-fix3 Wed Feb 23 14:54:55 2005 +++ 25-akpm/kernel/posix-timers.c Wed Feb 23 14:54:55 2005 @@ -221,9 +221,8 @@ static inline int common_clock_set(clock static inline int common_timer_create(struct k_itimer *new_timer) { - new_timer->it.real.incr = 0; + INIT_LIST_HEAD(&new_timer->it.real.abs_timer_entry); init_timer(&new_timer->it.real.timer); - new_timer->it.real.timer.expires = 0; new_timer->it.real.timer.data = (unsigned long) new_timer; new_timer->it.real.timer.function = posix_timer_fn; set_timer_inactive(new_timer); @@ -564,7 +563,6 @@ static struct k_itimer * alloc_posix_tim if (!tmr) return tmr; memset(tmr, 0, sizeof (struct k_itimer)); - INIT_LIST_HEAD(&tmr->it.real.abs_timer_entry); if (unlikely(!(tmr->sigq = sigqueue_alloc()))) { kmem_cache_free(posix_timers_cache, tmr); tmr = NULL; _
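
Review bot: In the first hunk (common_timer_create()), dropping `new_timer->it.real.incr = 0;` and `new_timer->it.real.timer.expires = 0;` makes this function depend on the `memset(tmr, 0, sizeof (struct k_itimer));` in alloc_posix_timer() for those two fields, and nothing at this site records that dependency. It holds for the allocation path visible in the second hunk, but a later caller that reuses or partially fills a k_itimer would carry stale incr and expires values past this point. Suggest a short comment above the new INIT_LIST_HEAD line stating that the k_itimer arrives zeroed and that this is the first place the it.real view of the union is written.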
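
Review bot: In the second hunk (alloc_posix_timer()), removing the INIT_LIST_HEAD line after the memset leaves it.real.abs_timer_entry initialized only in common_timer_create(), so any clock whose timer_create path does not call common_timer_create() but later links or unlinks abs_timer_entry would be working on a zeroed list head with NULL next and prev pointers. The visible lines do not show those callers, so each one is worth confirming before this goes in. Also suggest a comment beside the memset saying that the it union must stay untouched here because posix_cpu_timer_set() tests firing in the same storage, which is the infinite loop the commit message describes, so the initialization is not moved back later.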