From: Oleg Nesterov <oleg@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: mingo@redhat.com, hpa@zytor.com, linux-kernel@vger.kernel.org,
a.p.zijlstra@chello.nl, y-goto@jp.fujitsu.com,
akpm@linux-foundation.org, tglx@linutronix.de, mingo@elte.hu,
linux-tip-commits@vger.kernel.org
Subject: Re: [tip:sched/core] sched: Fix ancient race in do_exit()
Date: Sun, 29 Jan 2012 17:07:11 +0100
Message-ID: <20120129160711.GA20803@redhat.com>
In-Reply-To: <CA+55aFyO0KxGQxYYUqmVrNqG6qVFnRT2g-kYYKtH5QG3vTnO=A@mail.gmail.com>

On 01/28, Linus Torvalds wrote:
>
> On Sat, Jan 28, 2012 at 4:03 AM, tip-bot for Yasunori Goto
> <y-goto@jp.fujitsu.com> wrote:
> >
> > sched: Fix ancient race in do_exit()
>
> Ugh.
>
> It would be much nicer to just clear the rwsem waiter->task thing
> *after* waking the task up, which would avoid this race entirely,
> afaik.

How? The problem is that wake_up_process(tsk) sees this task in
TASK_UNINTERRUPTIBLE state (the first "p->state & state" check in
try_to_wake_up), but then this task changes its state to TASK_DEAD
without schedule() and ttwu() does s/TASK_DEAD/TASK_RUNNING/.

IOW, the task doing

	current->state = TASK_A;
	...
	current->state = TASK_B;
	schedule();

can be woken up by try_to_wake_up(TASK_A), despite the fact it
sleeps in TASK_B. do_exit() is only "special" because it is not
easy to handle the spurious wakeup.

> Tell me, why wouldn't that work? rwsem_down_failed_common() does
>
> 	/* wait to be given the lock */
> 	for (;;) {
> 		if (!waiter.task)
> 			break;
> 		...
>
> so then we wouldn't need the task refcount crap in rwsem either etc,
> and we'd get rid of all races with wakeup.
>
> I wonder why we're clearing that whole waiter->task so early.

I must have missed something. I can't understand how this can help,
and "clear the rwsem waiter->task thing *after* waking" looks
obviously wrong. If we do this, then we can miss the "!!waiter.task"
condition. The loop above actually does

	set_task_state(TASK_UNINTERRUPTIBLE);
	if (!waiter.task)
		break;
	schedule();

and

	wake_up_process(tsk);
	waiter->task = NULL;

can happen right after set_task_state().

Oleg.
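
Added example, not part of the message above and not kernel code: a single-threaded C replay of the TASK_A/TASK_B interleaving the reply describes, with the waker's check and its later store to p->state modelled as two separate steps. The helper names, the state values and the `wait_for_waker` ordering are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* State values chosen for this model. */
enum { TASK_RUNNING = 0, TASK_UNINTERRUPTIBLE = 2, TASK_DEAD = 64 };

struct task { int state; };

/* Waker, step 1: the "p->state & state" check. */
static bool ttwu_check(const struct task *p, int mask)
{
	return (p->state & mask) != 0;
}

/* Waker, step 2: having passed the check, overwrite p->state. */
static void ttwu_commit(struct task *p)
{
	p->state = TASK_RUNNING;
}

/*
 * The waker passes its check while the task is in TASK_UNINTERRUPTIBLE
 * (TASK_A); the task then stores TASK_DEAD (TASK_B) without schedule().
 * With wait_for_waker (hypothetical mitigation in this model) the task
 * lets an in-flight waker finish before its final store.
 * Returns the state the task holds when it reaches its last schedule().
 */
int replay_exit_race(bool wait_for_waker)
{
	struct task t = { .state = TASK_UNINTERRUPTIBLE };
	bool in_flight = ttwu_check(&t, TASK_UNINTERRUPTIBLE);

	if (wait_for_waker && in_flight) {
		ttwu_commit(&t);	/* waker's store lands first */
		in_flight = false;
	}
	t.state = TASK_DEAD;		/* current->state = TASK_B */
	if (in_flight)
		ttwu_commit(&t);	/* s/TASK_DEAD/TASK_RUNNING/ */
	return t.state;
}

int main(void)
{
	printf("unordered: %d\n", replay_exit_race(false));
	printf("ordered:   %d\n", replay_exit_race(true));
	return 0;
}
```

In the unordered replay the task enters its final schedule() as TASK_RUNNING, which is the spurious wakeup that do_exit() cannot easily handle; in the ordered replay it stays TASK_DEAD.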