From: "Paul E. McKenney" <paulmck@us.ibm.com>
To: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>, Dipankar Sarma <dipankar@in.ibm.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC,PATCH] Use RCU to protect tasklist for unicast signals
Date: Thu, 11 Aug 2005 18:56:07 -0700 [thread overview]
Message-ID: <20050812015607.GR1300@us.ibm.com> (raw)
In-Reply-To: <42FB41B5.98314BA5@tv-sign.ru>
On Thu, Aug 11, 2005 at 04:16:53PM +0400, Oleg Nesterov wrote:
> Paul E. McKenney wrote:
> >
> > --- linux-2.6.13-rc6/kernel/signal.c 2005-08-08 19:59:24.000000000 -0700
> > +++ linux-2.6.13-rc6-tasklistRCU/kernel/signal.c 2005-08-10 08:20:25.000000000 -0700
> > @@ -1151,9 +1151,13 @@ int group_send_sig_info(int sig, struct
> >
> > ret = check_kill_permission(sig, info, p);
> > if (!ret && sig && p->sighand) {
> > + if (!get_task_struct_rcu(p)) {
> > + return -ESRCH;
> > + }
> > spin_lock_irqsave(&p->sighand->siglock, flags);
> ^^^^^^^
> Is it correct?
Most definitely not! Thank you again for catching this one, would have
taken some serious test-and-debug time to root it out the hard way.
Fix provided as a patch against V0.7.53-01, probably still has some
bugs, as it has not yet been thoroughly tested. General approach is
to RCU-protect the sighand pointer from task_struct to sighand_struct.
Will be testing more thoroughly, in the meantime, thoughts?
Thanx, Paul
fs/exec.c | 6 +++++-
include/linux/sched.h | 10 ++++++++++
kernel/fork.c | 11 +++++++++++
kernel/signal.c | 16 +++++++++++++---
4 files changed, 39 insertions(+), 4 deletions(-)
diff -urpNa -X dontdiff linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/fs/exec.c linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/fs/exec.c
--- linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/fs/exec.c 2005-08-11 11:44:55.000000000 -0700
+++ linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/fs/exec.c 2005-08-11 12:26:45.000000000 -0700
@@ -773,6 +773,8 @@ no_thread_group:
*/
spin_lock_init(&newsighand->siglock);
atomic_set(&newsighand->count, 1);
+ newsighand->deleted = 0;
+ newsighand->successor = NULL;
memcpy(newsighand->action, oldsighand->action,
sizeof(newsighand->action));
@@ -785,12 +787,14 @@ no_thread_group:
recalc_sigpending();
task_unlock(current);
+ oldsighand->deleted = 1;
+ oldsighand->successor = newsighand;
spin_unlock(&newsighand->siglock);
spin_unlock(&oldsighand->siglock);
write_unlock_irq(&tasklist_lock);
if (atomic_dec_and_test(&oldsighand->count))
- kmem_cache_free(sighand_cachep, oldsighand);
+ sighand_free(oldsighand);
}
BUG_ON(!thread_group_empty(current));
diff -urpNa -X dontdiff linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/include/linux/sched.h linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/include/linux/sched.h
--- linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/include/linux/sched.h 2005-08-11 11:44:57.000000000 -0700
+++ linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/include/linux/sched.h 2005-08-11 12:17:01.000000000 -0700
@@ -450,8 +450,18 @@ struct sighand_struct {
atomic_t count;
struct k_sigaction action[_NSIG];
spinlock_t siglock;
+ int deleted;
+ struct sighand_struct *successor;
+ struct rcu_head rcu;
};
+static inline void sighand_free(struct sighand_struct *sp)
+{
+ extern void sighand_free_cb(struct rcu_head *rhp);
+
+ call_rcu(&sp->rcu, sighand_free_cb);
+}
+
/*
* NOTE! "signal_struct" does not have it's own
* locking, because a shared signal_struct always
diff -urpNa -X dontdiff linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/kernel/fork.c linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/kernel/fork.c
--- linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/kernel/fork.c 2005-08-11 11:44:57.000000000 -0700
+++ linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/kernel/fork.c 2005-08-11 13:05:17.000000000 -0700
@@ -43,6 +43,7 @@
#include <linux/acct.h>
#include <linux/kthread.h>
#include <linux/notifier.h>
+#include <linux/rcupdate.h>
#include <asm/pgtable.h>
#include <asm/pgalloc.h>
@@ -769,6 +770,14 @@ int unshare_files(void)
EXPORT_SYMBOL(unshare_files);
+void sighand_free_cb(struct rcu_head *rhp)
+{
+ struct sighand_struct *sp =
+ container_of(rhp, struct sighand_struct, rcu);
+
+ kmem_cache_free(sighand_cachep, sp);
+}
+
static inline int copy_sighand(unsigned long clone_flags, struct task_struct * tsk)
{
struct sighand_struct *sig;
@@ -783,6 +792,8 @@ static inline int copy_sighand(unsigned
return -ENOMEM;
spin_lock_init(&sig->siglock);
atomic_set(&sig->count, 1);
+ sig->deleted = 0;
+ sig->successor = 0;
memcpy(sig->action, current->sighand->action, sizeof(sig->action));
return 0;
}
diff -urpNa -X dontdiff linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/kernel/signal.c linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/kernel/signal.c
--- linux-2.6.13-rc4-realtime-preempt-V0.7.53-01/kernel/signal.c 2005-08-11 11:44:57.000000000 -0700
+++ linux-2.6.13-rc4-realtime-preempt-V0.7.53-01-tasklistRCU/kernel/signal.c 2005-08-11 17:37:55.000000000 -0700
@@ -1150,16 +1150,26 @@ void zap_other_threads(struct task_struc
int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
{
unsigned long flags;
+ struct sighand_struct *sp;
int ret;
ret = check_kill_permission(sig, info, p);
- if (!ret && sig && p->sighand) {
+ if (!ret && sig && (sp = p->sighand)) {
if (!get_task_struct_rcu(p)) {
return -ESRCH;
}
- spin_lock_irqsave(&p->sighand->siglock, flags);
+ spin_lock_irqsave(&sp->siglock, flags);
+ while (sp->deleted) {
+ spin_unlock_irqrestore(&sp->siglock, flags);
+ sp = sp->successor;
+ if (sp == NULL) {
+ put_task_struct(p);
+ return -ESRCH;
+ }
+ spin_lock_irqsave(&sp->siglock, flags);
+ }
ret = __group_send_sig_info(sig, info, p);
- spin_unlock_irqrestore(&p->sighand->siglock, flags);
+ spin_unlock_irqrestore(&sp->siglock, flags);
put_task_struct(p);
}
next prev parent reply other threads:[~2005-08-12 1:55 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-11 12:16 [RFC,PATCH] Use RCU to protect tasklist for unicast signals Oleg Nesterov
2005-08-11 15:20 ` Paul E. McKenney
2005-08-12 1:56 ` Paul E. McKenney [this message]
2005-08-12 8:51 ` Oleg Nesterov
2005-08-12 15:42 ` Paul E. McKenney
2005-08-15 17:44 ` Paul E. McKenney
2005-08-16 8:14 ` Ingo Molnar
2005-08-16 11:56 ` Oleg Nesterov
2005-08-16 17:07 ` Paul E. McKenney
2005-08-17 1:48 ` Paul E. McKenney
2005-08-17 6:35 ` Ingo Molnar
2005-08-17 14:35 ` Oleg Nesterov
2005-08-17 21:19 ` Paul E. McKenney
2005-08-18 11:48 ` Oleg Nesterov
2005-08-19 1:29 ` Paul E. McKenney
2005-08-19 13:27 ` Oleg Nesterov
2005-08-19 18:34 ` Paul E. McKenney
2005-08-18 12:24 ` Oleg Nesterov
-- strict thread matches above, loose matches on Subject: below --
2005-08-10 17:11 Paul E. McKenney
2005-08-11 9:56 ` Ingo Molnar
2005-08-11 14:14 ` Paul E. McKenney
2005-08-12 2:00 ` Lee Revell
2005-08-12 6:36 ` Ingo Molnar
2005-08-12 20:57 ` Paul E. McKenney
2005-08-11 17:14 ` Christoph Hellwig
2005-08-11 17:56 ` Paul E. McKenney
2005-08-11 18:00 ` Dipankar Sarma
2005-08-11 18:12 ` Dipankar Sarma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050812015607.GR1300@us.ibm.com \
--to=paulmck@us.ibm.com \
--cc=dipankar@in.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=oleg@tv-sign.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.