From: Oleg Nesterov <oleg@redhat.com>
To: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Don Zickus <dzickus@redhat.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
Ingo Molnar <mingo@elte.hu>,
Jerome Marchand <jmarchan@redhat.com>,
Mandeep Singh Baines <msb@google.com>,
Roland McGrath <roland@redhat.com>,
linux-kernel@vger.kernel.org, stable@kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: while_each_thread() under rcu_read_lock() is broken?
Date: Tue, 29 Jun 2010 15:05:03 +0200 [thread overview]
Message-ID: <20100629130503.GA5237@redhat.com> (raw)
In-Reply-To: <20100628234358.GJ2357@linux.vnet.ibm.com>
On 06/28, Paul E. McKenney wrote:
>
> On Fri, Jun 25, 2010 at 11:55:48AM +0200, Oleg Nesterov wrote:
> > On 06/24, Paul E. McKenney wrote:
> > >
> > > So it is OK to skip some of the other threads in this case, even
> > > though they were present throughout the whole procedure?
> >
> > I think, yes. We can miss them in any case, they can go away before
> > while_each_thread(g, t) starts the scan.
> >
> > If g == group_leader (old or new), then we should notice this thread
> > at least.
> >
> > Otherwise we can miss them all, with or without next_thread_careful().
>
> Just to be sure that we are actually talking about the same scenario...
>
> Suppose that a task group is lead by 2908 and has member 2909, 2910,
> 2911, and 2912. Suppose that 2910 does pthread_exit() just as some
> other task is "ls"ing the relevant /proc entry. Is it really OK for
> "ls" to show 2909 but not 2911 and 2912, even though 2911 and 2912
> were alive and kicking the entire time?
Confused.
Let's return to
do
printk("%d\n", t->pid);
while_each_thread(g, t);
for the moment.
In that case, if g != 2910 (the exiting thread) we will print all pids,
except we can miss 2910. With or without next_thread_careful().
Only if we start at g == 2910, then
current code: print 2910, then spin forever printing
other pids
next_thread_careful: stop printing when we notice that 2910
was unhashed.
So, yes, in this case we can miss all
other threads.
As for "ls"ing the relevant /proc entry. proc_task_readdir() is complicated,
it can drop rcu lock, sleep, etc. But basically it mimics while_each_thread()
logic. Let's assume that proc_task_fill_cache() never fails.
proc_task_readdir() always starts at the group_leader, 2908. So, with or
without next_thread_careful() we can only miss the exiting 2910.
But (again, unless I missed something) the current code can race with exec,
and s/next_thread/next_thread_careful/ in first_tid() can fix the race.
(just in case, we can fix it differently).
But, of course, if you do "ls /proc/2910/task" instead of "ls /proc/2908/task"
you can miss _all_ threads if 2910 exits before proc_task_readdir() finds
its leader, 2908. Again, this is with or without next_thread_careful().
Paul, please let me know if I misunderstood your concerns, or if I missed
something.
Oleg.
next prev parent reply other threads:[~2010-06-29 13:07 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-18 19:02 [PATCH] fix the racy check_hung_uninterruptible_tasks()->rcu_lock_break() logic Oleg Nesterov
2010-06-18 19:34 ` while_each_thread() under rcu_read_lock() is broken? Oleg Nesterov
2010-06-18 21:08 ` Roland McGrath
2010-06-18 22:37 ` Oleg Nesterov
2010-06-18 22:33 ` Paul E. McKenney
2010-06-21 17:09 ` Oleg Nesterov
2010-06-21 17:44 ` Oleg Nesterov
2010-06-21 18:00 ` Oleg Nesterov
2010-06-21 19:02 ` Roland McGrath
2010-06-21 20:06 ` Oleg Nesterov
2010-06-21 21:19 ` Eric W. Biederman
2010-06-22 14:34 ` Oleg Nesterov
2010-07-08 23:59 ` Roland McGrath
2010-07-09 0:41 ` Paul E. McKenney
2010-07-09 1:01 ` Roland McGrath
2010-07-09 16:18 ` Paul E. McKenney
2010-06-21 20:51 ` Paul E. McKenney
2010-06-21 21:22 ` Eric W. Biederman
2010-06-21 21:38 ` Paul E. McKenney
2010-06-22 21:23 ` Oleg Nesterov
2010-06-22 22:12 ` Paul E. McKenney
2010-06-23 15:24 ` Oleg Nesterov
2010-06-24 18:07 ` Paul E. McKenney
2010-06-24 18:50 ` Chris Friesen
2010-06-24 22:00 ` Oleg Nesterov
2010-06-25 0:08 ` Eric W. Biederman
2010-06-25 3:42 ` Paul E. McKenney
2010-06-25 10:08 ` Oleg Nesterov
2010-07-09 0:52 ` Roland McGrath
2010-06-24 21:14 ` Roland McGrath
2010-06-25 3:37 ` Paul E. McKenney
2010-07-09 0:41 ` Roland McGrath
2010-06-24 21:57 ` Oleg Nesterov
2010-06-25 3:41 ` Paul E. McKenney
2010-06-25 9:55 ` Oleg Nesterov
2010-06-28 23:43 ` Paul E. McKenney
2010-06-29 13:05 ` Oleg Nesterov [this message]
2010-06-29 15:34 ` Paul E. McKenney
2010-06-29 17:54 ` Oleg Nesterov
2010-06-19 5:00 ` Mandeep Baines
2010-06-19 5:35 ` Frederic Weisbecker
2010-06-19 15:44 ` Mandeep Baines
2010-06-19 19:19 ` Oleg Nesterov
2010-06-18 20:11 ` [PATCH] fix the racy check_hung_uninterruptible_tasks()->rcu_lock_break() logic Frederic Weisbecker
2010-06-18 20:38 ` Mandeep Singh Baines
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100629130503.GA5237@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dzickus@redhat.com \
--cc=ebiederm@xmission.com \
--cc=fweisbec@gmail.com \
--cc=jmarchan@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=msb@google.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=roland@redhat.com \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.