From: Dave Peterson <dsp@llnl.gov>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, riel@surriel.com
Subject: Re: [PATCH 2/2] mm: fix mm_struct reference counting bugs in mm/oom_kill.c
Date: Thu, 13 Apr 2006 17:44:02 -0700 [thread overview]
Message-ID: <200604131744.02114.dsp@llnl.gov> (raw)
In-Reply-To: <20060413162432.41892d3a.akpm@osdl.org>
On Thursday 13 April 2006 16:24, Andrew Morton wrote:
> Dave Peterson <dsp@llnl.gov> wrote:
> > The patch below fixes some mm_struct reference counting bugs in
> > badness().
>
> hm, OK, afaict the code _is_ racy.
>
> But you're now calling mmput() inside read_lock(&tasklist_lock), and
> mmput() can sleep in exit_aio() or in exit_mmap()->unmap_vmas(). So
> sterner stuff will be needed.
>
> I'll put a might_sleep() into mmput - it's a bit unexpected.
Hmm... fixing this looks rather tricky. If get_task_mm()/mmput() was
only being done on a single mm_struct then I suppose badness() could
do something a bit ugly like passing the reference back to its caller
and letting the caller do the mmput() once tasklist_lock is no longer
held. However here we are iterating over a bunch of child tasks,
potentially doing a get_task_mm()/mmput() for a number of them.
I have a suggestion for a possible solution. Currently mmput() is
implemented as follows:
01 void mmput(struct mm_struct *mm)
02 {
03 if (atomic_dec_and_lock(&mm->mm_users, &mmlist_lock)) {
04 list_del(&mm->mmlist);
05 mmlist_nr--;
06 spin_unlock(&mmlist_lock);
07 exit_aio(mm);
08 exit_mmap(mm);
09 put_swap_token(mm);
10 mmdrop(mm);
11 }
12 }
Suppose we replace lines 07-10 with a little piece of code that adds
the mm_struct to a list. Then a kernel thread empties the list
(perhaps via the work queue mechanism), doing the stuff in lines
07-10 for each mm_struct. This would eliminate the possibility of
mmput() sleeping, potentially making things easier for other callers
of mmput() and causing fewer surprises. Any comments?
WARNING: multiple messages have this Message-ID (diff)
From: Dave Peterson <dsp@llnl.gov>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, riel@surriel.com
Subject: Re: [PATCH 2/2] mm: fix mm_struct reference counting bugs in mm/oom_kill.c
Date: Thu, 13 Apr 2006 17:44:02 -0700 [thread overview]
Message-ID: <200604131744.02114.dsp@llnl.gov> (raw)
In-Reply-To: <20060413162432.41892d3a.akpm@osdl.org>
On Thursday 13 April 2006 16:24, Andrew Morton wrote:
> Dave Peterson <dsp@llnl.gov> wrote:
> > The patch below fixes some mm_struct reference counting bugs in
> > badness().
>
> hm, OK, afaict the code _is_ racy.
>
> But you're now calling mmput() inside read_lock(&tasklist_lock), and
> mmput() can sleep in exit_aio() or in exit_mmap()->unmap_vmas(). So
> sterner stuff will be needed.
>
> I'll put a might_sleep() into mmput - it's a bit unexpected.
Hmm... fixing this looks rather tricky. If get_task_mm()/mmput() was
only being done on a single mm_struct then I suppose badness() could
do something a bit ugly like passing the reference back to its caller
and letting the caller do the mmput() once tasklist_lock is no longer
held. However here we are iterating over a bunch of child tasks,
potentially doing a get_task_mm()/mmput() for a number of them.
I have a suggestion for a possible solution. Currently mmput() is
implemented as follows:
01 void mmput(struct mm_struct *mm)
02 {
03 if (atomic_dec_and_lock(&mm->mm_users, &mmlist_lock)) {
04 list_del(&mm->mmlist);
05 mmlist_nr--;
06 spin_unlock(&mmlist_lock);
07 exit_aio(mm);
08 exit_mmap(mm);
09 put_swap_token(mm);
10 mmdrop(mm);
11 }
12 }
Suppose we replace lines 07-10 with a little piece of code that adds
the mm_struct to a list. Then a kernel thread empties the list
(perhaps via the work queue mechanism), doing the stuff in lines
07-10 for each mm_struct. This would eliminate the possibility of
mmput() sleeping, potentially making things easier for other callers
of mmput() and causing fewer surprises. Any comments?
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2006-04-14 0:44 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-13 21:52 [PATCH 2/2] mm: fix mm_struct reference counting bugs in mm/oom_kill.c Dave Peterson
2006-04-13 21:52 ` Dave Peterson
2006-04-13 23:24 ` Andrew Morton
2006-04-13 23:24 ` Andrew Morton
2006-04-14 0:44 ` Dave Peterson [this message]
2006-04-14 0:44 ` Dave Peterson
2006-04-14 7:26 ` Andrew Morton
2006-04-14 7:26 ` Andrew Morton
2006-04-14 19:14 ` Dave Peterson
2006-04-14 19:14 ` Dave Peterson
2006-04-14 19:45 ` Andrew Morton
2006-04-14 19:45 ` Andrew Morton
2006-04-14 20:49 ` Dave Peterson
2006-04-14 20:49 ` Dave Peterson
2006-04-14 21:31 ` Andrew Morton
2006-04-14 21:31 ` Andrew Morton
2006-04-14 23:52 ` Dave Peterson
2006-04-14 23:52 ` Dave Peterson
2006-04-15 0:00 ` Dave Peterson
2006-04-15 0:00 ` Dave Peterson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200604131744.02114.dsp@llnl.gov \
--to=dsp@llnl.gov \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=riel@surriel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.