From: Roland McGrath <roland@redhat.com>

Fix bug identified by Alexander Nyberg <alexn@dsv.su.se>

> The problem arises from code touching the union in alloc_posix_timer()
> which makes firing go non-zero. When firing is checked in
> posix_cpu_timer_set() it will be positive causing an infinite loop.
> 
> So either the below fix or preferably move the INIT_LIST_HEAD(x) from
> alloc_posix_timer() to somewhere later where it doesn't disturb the other
> union members.

Thanks for finding this problem.  The latter is what I think is the right
solution.  This patch does that, and also removes some superfluous rezeroing.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/kernel/posix-timers.c |    4 +---
 1 files changed, 1 insertion(+), 3 deletions(-)

diff -puN kernel/posix-timers.c~posix-timers-cpu-clock-support-for-posix-timers-fix3 kernel/posix-timers.c
--- 25/kernel/posix-timers.c~posix-timers-cpu-clock-support-for-posix-timers-fix3	Wed Feb 23 14:54:55 2005
+++ 25-akpm/kernel/posix-timers.c	Wed Feb 23 14:54:55 2005
@@ -221,9 +221,8 @@ static inline int common_clock_set(clock
 
 static inline int common_timer_create(struct k_itimer *new_timer)
 {
-	new_timer->it.real.incr = 0;
+	INIT_LIST_HEAD(&new_timer->it.real.abs_timer_entry);
 	init_timer(&new_timer->it.real.timer);
-	new_timer->it.real.timer.expires = 0;
 	new_timer->it.real.timer.data = (unsigned long) new_timer;
 	new_timer->it.real.timer.function = posix_timer_fn;
 	set_timer_inactive(new_timer);
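Review bot: the two zero stores dropped from common_timer_create() (it.real.incr and it.real.timer.expires) are now correct only because alloc_posix_timer() memsets the whole k_itimer first, and nothing at this site says so. A one-line comment stating that new_timer arrives zeroed and that this function owns initialisation of the it.real union member would help keep a later reordering from reintroducing the cross-member clobber described in the commit message. It is also worth confirming that every timer that uses abs_timer_entry passes through this function, since within this patch it becomes the only place that list head is set up.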
@@ -564,7 +563,6 @@ static struct k_itimer * alloc_posix_tim
 	if (!tmr)
 		return tmr;
 	memset(tmr, 0, sizeof (struct k_itimer));
-	INIT_LIST_HEAD(&tmr->it.real.abs_timer_entry);
 	if (unlikely(!(tmr->sigq = sigqueue_alloc()))) {
 		kmem_cache_free(posix_timers_cache, tmr);
 		tmr = NULL;
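Review bot: with INIT_LIST_HEAD() removed after the memset, it.real.abs_timer_entry leaves alloc_posix_timer() as a pair of NULL pointers rather than an empty list until common_timer_create() runs. Please check that no path that can reach the timer before that point, in particular an error path that releases a timer whose create function never ran, performs a list operation on that entry. A short comment after the memset noting that the it union is deliberately left zeroed for the clock-specific create function to initialise would document the ordering this fix depends on.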
_