From: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
Cc: mhocko-AlSwsSmVLrQ@public.gmane.org,
	cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 06/17] cgroup: remove duplicate RCU free on struct cgroup
Date: Mon, 19 Nov 2012 08:59:03 -0800
Message-ID: <20121119165903.GG15971@htj.dyndns.org>
In-Reply-To: <50A9F5B2.5080509-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>

Hello, Li.

On Mon, Nov 19, 2012 at 05:02:42PM +0800, Li Zefan wrote:
> On 2012/11/13 11:01, Tejun Heo wrote:
> > struct cgroup is made RCU-safe by synchronize_rcu() in cgroup_diput().
> 
> but synchronize_rcu() is called before ss->destroy().
> 
> rcu_read_lock();
> for_each_leaf_cfs_rq(cpu_rq(cpu), cfs_rq)
> 	print_cfs_rq(m, cpu, cfs_rq);
> 	-> call cgroup_path(task_group->css.cgroup);
> rcu_read_unlock();
> 
> With this patch, if the above code races with cgroup_diput(), we might
> end up accessing a cgroup which has been freed.

Ah, okay.  So, the problem here is that sched is using ->css_free() as
a de-registration point rather than freeing and may end up walking it
after ->css_free() is complete inside RCU period.

I think the correct solution is using ->css_offline() for that.  It's
ugly to require double RCU grace periods.

> > diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> > index 278752e..a91e7ad 100644
> > --- a/kernel/cgroup.c
> > +++ b/kernel/cgroup.c
> > @@ -893,7 +893,7 @@ static void cgroup_diput(struct dentry *dentry, struct inode *inode)
> >  
> >  		simple_xattrs_free(&cgrp->xattrs);
> >  
> > -		kfree_rcu(cgrp, rcu_head);
> > +		kfree(cgrp);
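
Review bot: the switch from kfree_rcu(cgrp, rcu_head) to kfree(cgrp) at the end of this hunk leaves the synchronize_rcu() in cgroup_diput() as the only grace period protecting struct cgroup, and nothing in the hunk shows that every RCU reader stops reaching cgrp before that point. The thread notes that synchronize_rcu() runs before ss->destroy(), so a reader that gets to the cgroup through a subsystem object under rcu_read_lock(), such as the cgroup_path(task_group->css.cgroup) call quoted above, can still dereference cgrp after this kfree(). Either keep kfree_rcu() until the scheduler de-registers earlier (the reply proposes ->css_offline()), or order this patch after that conversion, and add a comment here stating which grace period the plain kfree() relies on.
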
> 
> This was also added to prevent a race in group scheduling code, and I think the race still
> exists.

Care to point out which one?  I don't think the double-RCU workaround
is a good idea.  We really should sort it out by following object
lifecycle rules consistently.

Thanks.

-- 
tejun
