From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
Andi Kleen <andi@firstfloor.org>,
Ananth Mavinakayanahalli <ananth@in.ibm.com>,
Christoph Hellwig <hch@infradead.org>,
"Frank Ch. Eigler" <fche@redhat.com>, Ingo Molnar <mingo@elte.hu>,
Peter Zijlstra <peterz@infradead.org>,
Roland McGrath <roland@redhat.com>,
linux-kernel@vger.kernel.org, utrace-devel@redhat.com,
CAI Qian <caiqian@redhat.com>
Subject: [PATCH -mm] utrace: fix utrace_maybe_reap() vs find_matching_engine() race
Date: Thu, 21 Jan 2010 17:39:21 +0100
Message-ID: <20100121163921.GA10096@redhat.com>

(on top of utrace-core.patch)

The comment in utrace_maybe_reap() correctly explains why
utrace_attach_task/utrace_control/etc can't modify or use
attaching/attached lists. But find_matching_engine() can
scan ->attached under utrace->lock without any checks; it
can race with utrace_maybe_reap() destroying list nodes.

Change utrace_maybe_reap() to empty ->attached before it
drops utrace->lock, update the comments a bit.

Reported-by: CAI Qian <caiqian@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Roland McGrath <roland@redhat.com>
---
kernel/utrace.c | 23 ++++++++++++++++-------
1 files changed, 16 insertions(+), 7 deletions(-)
--- V1/kernel/utrace.c~8_REAP_FIND_RACE 2009-12-18 01:58:37.000000000 +0100
+++ V1/kernel/utrace.c 2010-01-21 17:31:18.000000000 +0100
@@ -1,7 +1,7 @@
/*
* utrace infrastructure interface for debugging user processes
*
- * Copyright (C) 2006-2009 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2006-2010 Red Hat, Inc. All rights reserved.
*
* This copyrighted material is made available to anyone wishing to use,
* modify, copy, or redistribute it subject to the terms and conditions
@@ -859,6 +859,7 @@ void utrace_maybe_reap(struct task_struc
bool reap)
{
struct utrace_engine *engine, *next;
+ struct list_head attached;
spin_lock(&utrace->lock);
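Review bot: the new local `struct list_head attached;` is declared without an initializer and has the same name as the `utrace->attached` member, so every later `&attached` has to be read carefully to tell which list is meant. Consider `LIST_HEAD(attached);` (or a distinct name such as `detached`) so the head is a valid empty list from the declaration onward instead of only becoming valid at the later list_replace_init() call.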
@@ -897,16 +898,24 @@ void utrace_maybe_reap(struct task_struc
}
/*
- * utrace_add_engine() checks ->utrace_flags != 0.
- * Since @utrace->reap is set, nobody can set or clear
- * UTRACE_EVENT(REAP) in @engine->flags or change
- * @engine->ops, and nobody can change @utrace->attached.
+ * utrace_add_engine() checks ->utrace_flags != 0. Since
+ * @utrace->reap is set, nobody can set or clear UTRACE_EVENT(REAP)
+ * in @engine->flags or change @engine->ops and nobody can change
+ * @utrace->attached after we drop the lock.
*/
target->utrace_flags = 0;
- splice_attaching(utrace);
+
+ /*
+ * We clear out @utrace->attached before we drop the lock so
+ * that find_matching_engine() can't come across any old engine
+ * while we are busy tearing it down.
+ */
+ list_replace_init(&utrace->attached, &attached);
+ list_splice_tail_init(&utrace->attaching, &attached);
+
spin_unlock(&utrace->lock);
- list_for_each_entry_safe(engine, next, &utrace->attached, entry) {
+ list_for_each_entry_safe(engine, next, &attached, entry) {
if (engine->flags & UTRACE_EVENT(REAP))
engine->ops->report_reap(engine, target);
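Review bot: the call to `splice_attaching(utrace)` is dropped in favour of an open-coded `list_replace_init()` plus `list_splice_tail_init()`, so anything that helper does beyond moving ->attaching onto the tail of ->attached no longer happens on this path. Either say in the changelog that nothing else is needed here, or keep `splice_attaching(utrace);` and follow it with a single `list_replace_init(&utrace->attached, &attached);`, which gives the same engine order with less duplicated list handling. Separately, the first comment's "nobody can change @utrace->attached after we drop the lock" now describes a list that is already empty at that point; it would read more accurately if it said that once the lock is dropped the engines are reachable only through the local `attached` list.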