[PATCH] 2.5.6-pre3 Fix small race in BSD accounting [part 2]

[PATCH] 2.5.6-pre3 Fix small race in BSD accounting [part 2]

[Bob Miller]

Linus,

While looking at the bug fix for part 1 I coded up this patch
to change the BSD accounting code to use a spinlock instead
of the BKL.

This patch assumes that part 1 has been applied.

-- 
Bob Miller					Email: rem@osdl.org
Open Source Development Lab			Phone: 503.626.2455 Ext. 17


diff -ur linux-2.5.6-orig/kernel/acct.c linux-2.5.6/kernel/acct.c
--- linux-2.5.6-orig/kernel/acct.c	Mon Mar 11 11:19:58 2002
+++ linux-2.5.6/kernel/acct.c	Mon Mar 11 11:33:14 2002
@@ -72,14 +72,30 @@
 /*
  * External references and all of the globals.
  */
-
-static volatile int acct_active;
-static volatile int acct_needcheck;
-static struct file *acct_file;
-static struct timer_list acct_timer;
 static void do_acct_process(long, struct file *);
 
 /*
+ * This structure is used so that all the data protected by lock
+ * can be placed in the same cache line as the lock.  This primes
+ * the cache line to have the data after getting the lock.
+ */
+struct acct_glbs {
+	spinlock_t		lock;
+	volatile int		active;
+	volatile int		needcheck;
+	struct file		*file;
+	struct timer_list	timer;
+};
+
+static struct acct_glbs acct_globals __cacheline_aligned = {SPIN_LOCK_UNLOCKED};
+
+#define	acct_lock	acct_globals.lock
+#define	acct_active	acct_globals.active
+#define	acct_needcheck	acct_globals.needcheck
+#define	acct_file	acct_globals.file
+#define	acct_timer	acct_globals.timer
+
+/*
  * Called whenever the timer says to check the free space.
  */
 static void acct_timeout(unsigned long unused)
@@ -96,11 +112,11 @@
 	int res;
 	int act;
 
-	lock_kernel();
+	spin_lock(&acct_lock);
 	res = acct_active;
 	if (!file || !acct_needcheck)
 		goto out;
-	unlock_kernel();
+	spin_unlock(&acct_lock);
 
 	/* May block */
 	if (vfs_statfs(file->f_dentry->d_inode->i_sb, &sbuf))
@@ -117,7 +133,7 @@
 	 * If some joker switched acct_file under us we'ld better be
 	 * silent and _not_ touch anything.
 	 */
-	lock_kernel();
+	spin_lock(&acct_lock);
 	if (file != acct_file) {
 		if (act)
 			res = act>0;
@@ -142,22 +158,26 @@
 	add_timer(&acct_timer);
 	res = acct_active;
 out:
-	unlock_kernel();
+	spin_unlock(&acct_lock);
 	return res;
 }
 
 /*
- *  sys_acct() is the only system call needed to implement process
- *  accounting. It takes the name of the file where accounting records
- *  should be written. If the filename is NULL, accounting will be
- *  shutdown.
+ *  acct_common() is the main routine that implements process accounting.
+ *  It takes the name of the file where accounting records should be
+ *  written. If the filename is NULL, accounting will be shutdown.
  */
-asmlinkage long sys_acct(const char *name)
+long acct_common(const char *name, int locked)
 {
 	struct file *file = NULL, *old_acct = NULL;
 	char *tmp;
 	int error;
 
+	/*
+	 * Should only have locked set when name is NULL (enforce this).
+	 */
+	BUG_ON(locked && name);
+
 	if (!capable(CAP_SYS_PACCT))
 		return -EPERM;
 
@@ -183,7 +203,8 @@
 	}
 
 	error = 0;
-	lock_kernel();
+	if (!locked)
+		spin_lock(&acct_lock);
 	if (acct_file) {
 		old_acct = acct_file;
 		del_timer(&acct_timer);
@@ -201,7 +222,7 @@
 		acct_timer.expires = jiffies + ACCT_TIMEOUT*HZ;
 		add_timer(&acct_timer);
 	}
-	unlock_kernel();
+	spin_unlock(&acct_lock);
 	if (old_acct) {
 		do_acct_process(0,old_acct);
 		filp_close(old_acct, NULL);
@@ -213,12 +234,25 @@
 	goto out;
 }
 
+/*
+ *  sys_acct() is the only system call needed to implement process
+ *  accounting. It takes the name of the file where accounting records
+ *  should be written. If the filename is NULL, accounting will be
+ *  shutdown.
+ */
+asmlinkage long sys_acct(const char *name)
+{
+	return (acct_common(name, 0));
+}
+
 void acct_auto_close(struct super_block *sb)
 {
-	lock_kernel();
-	if (acct_file && acct_file->f_dentry->d_inode->i_sb == sb)
-		sys_acct(NULL);
-	unlock_kernel();
+	spin_lock(&acct_lock);
+	if (acct_file && acct_file->f_dentry->d_inode->i_sb == sb) {
+		(void) acct_common(NULL, 1);
+	} else {
+		spin_unlock(&acct_lock);
+	}
 }
 
 /*
@@ -349,15 +383,15 @@
 int acct_process(long exitcode)
 {
 	struct file *file = NULL;
-	lock_kernel();
+	spin_lock(&acct_lock);
 	if (acct_file) {
 		file = acct_file;
 		get_file(file);
-		unlock_kernel();
+		spin_unlock(&acct_lock);
 		do_acct_process(exitcode, file);
 		fput(file);
 	} else
-		unlock_kernel();
+		spin_unlock(&acct_lock);
 	return 0;
 }
 

Re: [PATCH] 2.5.6-pre3 Fix small race in BSD accounting [part 2]

[Robert Love]

On Mon, 2002-03-11 at 15:07, Bob Miller wrote:

> While looking at the bug fix for part 1 I coded up this patch
> to change the BSD accounting code to use a spinlock instead
> of the BKL.

Oh, Good Job - BKL is evil.  And I think that is partly evident in the
resulting code, and I have a couple comments about it.

I suspect the recursive nature of the BKL (and perhaps the locking rules
such that you don't always hold alock, i.e. if name is not NULL) are
responsible for:

	if (!locked)
		spin_lock(&acct_lock);

which really isn't the prettiest or safest thing, although I don't
actually see any problems with it here.  With the BKL removed, it may be
better to rewrite the code in a cleaner and saner way.

I'd much rather see sane locking rules where we knew the callers and
each function entry clearly either held or does not hold the spin_lock. 
Make sure we don't call anything holding the lock, et cetera ...

Also, I like the struct but the defines are a bit ugly.  Why not just
s/acct_lock/acct_globals.lock/, for example, in the code?  Or Just call
the instance of the struct "acct" and have acct.lock, etc.

In other words, good job, but this is a development kernel - rip some of
this cruft up and make it perfect, no?

	Robert Love

Re: [PATCH] 2.5.6-pre3 Fix small race in BSD accounting [part 2]

[Bob Miller]

On Mon, Mar 11, 2002 at 03:30:03PM -0500, Robert Love wrote:
> On Mon, 2002-03-11 at 15:07, Bob Miller wrote:
> 
> > While looking at the bug fix for part 1 I coded up this patch
> > to change the BSD accounting code to use a spinlock instead
> > of the BKL.
> 
> Oh, Good Job - BKL is evil.  And I think that is partly evident in the
> resulting code, and I have a couple comments about it.
> 
> I suspect the recursive nature of the BKL (and perhaps the locking rules
> such that you don't always hold alock, i.e. if name is not NULL) are
> responsible for:
> 
> 	if (!locked)
> 		spin_lock(&acct_lock);
> 
> which really isn't the prettiest or safest thing, although I don't
> actually see any problems with it here.  With the BKL removed, it may be
> better to rewrite the code in a cleaner and saner way.
> 
> I'd much rather see sane locking rules where we knew the callers and
> each function entry clearly either held or does not hold the spin_lock. 
> Make sure we don't call anything holding the lock, et cetera ...
> 
> Also, I like the struct but the defines are a bit ugly.  Why not just
> s/acct_lock/acct_globals.lock/, for example, in the code?  Or Just call
> the instance of the struct "acct" and have acct.lock, etc.
> 
> In other words, good job, but this is a development kernel - rip some of
> this cruft up and make it perfect, no?
> 
> 	Robert Love

Robert,

Thanks for the comments.  I was going for the minimal diff approach, but I
think the code would be better with a little re-arranging.  I'll make a
cut at it and re-submit.

-- 
Bob Miller					Email: rem@osdl.org
Open Source Development Lab			Phone: 503.626.2455 Ext. 17