From: Frederic Weisbecker <fweisbec@gmail.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
David Rientjes <rientjes@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Mandeep Singh Baines <msb@chromium.org>,
"Ma, Xindong" <xindong.ma@intel.com>,
Michal Hocko <mhocko@suse.cz>, Sameer Nanda <snanda@chromium.org>,
Sergey Dyasly <dserrg@gmail.com>,
"Tu, Xiaobing" <xiaobing.tu@intel.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/4] introduce for_each_thread() to replace the buggy while_each_thread()
Date: Wed, 4 Dec 2013 14:28:29 +0100 [thread overview]
Message-ID: <20131204132828.GC4530@localhost.localdomain> (raw)
In-Reply-To: <20131204130409.GA5998@redhat.com>
On Wed, Dec 04, 2013 at 02:04:09PM +0100, Oleg Nesterov wrote:
> while_each_thread() and next_thread() should die, almost every
> lockless usage is wrong.
>
> 1. Unless g == current, the lockless while_each_thread() is not safe.
>
> while_each_thread(g, t) can loop forever if g exits, next_thread()
> can't reach the unhashed thread in this case. Note that this can
> happen even if g is the group leader, it can exec.
>
> 2. Even if while_each_thread() itself was correct, people often use
> it wrongly.
>
> It was never safe to just take rcu_read_lock() and loop unless
> you verify that pid_alive(g) == T, even the first next_thread()
> can point to the already freed/reused memory.
>
> This patch adds signal_struct->thread_head and task->thread_node
> to create the normal rcu-safe list with the stable head. The new
> for_each_thread(g, t) helper is always safe under rcu_read_lock()
> as long as this task_struct can't go away.
Thanks, it looks indeed much saner to put the head in the signal struct!
>
> Note: of course it is ugly to have both task_struct->thread_node
> and the old task_struct->thread_group, we will kill it later, after
> we change the users of while_each_thread() to use for_each_thread().
>
> Perhaps we can kill it even before we convert all users, we can
> reimplement next_thread(t) using the new thread_head/thread_node.
> But we can't do this right now because this will lead to subtle
> behavioural changes. For example, do/while_each_thread() always
> sees at least one task, while for_each_thread() can do nothing if
> the whole thread group has died.
Would it be safe to have for_each_thread_continue() instead?
> Or thread_group_empty(), currently
> its semantics is not clear unless thread_group_leader(p) and we
> need to audit the callers before we can change it.
>
> So this patch adds the new interface which has to coexist with the
> old one for some time, hopefully the next changes will be more or
> less straightforward and the old one will go away soon.
>
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
> Reviewed-and-Tested-by: Sergey Dyasly <dserrg@gmail.com>
> Reviewed-by: Sameer Nanda <snanda@chromium.org>
> ---
Yeah if the conversion needs careful audit, it makes sense to switch incrementally.
next prev parent reply other threads:[~2013-12-04 13:28 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-04 13:03 [PATCH v2 0/4] initial while_each_thread() fixes Oleg Nesterov
2013-12-04 13:04 ` [PATCH v2 1/4] introduce for_each_thread() to replace the buggy while_each_thread() Oleg Nesterov
2013-12-04 13:28 ` Frederic Weisbecker [this message]
2013-12-04 13:49 ` Oleg Nesterov
2013-12-04 14:17 ` Frederic Weisbecker
2013-12-04 15:27 ` Oleg Nesterov
2013-12-05 0:58 ` David Rientjes
2013-12-05 18:16 ` Oleg Nesterov
2013-12-05 23:23 ` David Rientjes
2013-12-04 13:04 ` [PATCH v2 2/4] oom_kill: change oom_kill.c to use for_each_thread() Oleg Nesterov
2013-12-04 15:37 ` Michal Hocko
2013-12-05 0:39 ` David Rientjes
2013-12-04 13:04 ` [PATCH v2 3/4] oom_kill: has_intersects_mems_allowed() needs rcu_read_lock() Oleg Nesterov
2013-12-04 15:37 ` Michal Hocko
2013-12-05 0:41 ` David Rientjes
2013-12-04 13:04 ` [PATCH v2 4/4] oom_kill: add rcu_read_lock() into find_lock_task_mm() Oleg Nesterov
2013-12-04 15:40 ` Michal Hocko
2013-12-05 0:42 ` David Rientjes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131204132828.GC4530@localhost.localdomain \
--to=fweisbec@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=dserrg@gmail.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.cz \
--cc=msb@chromium.org \
--cc=oleg@redhat.com \
--cc=rientjes@google.com \
--cc=snanda@chromium.org \
--cc=xiaobing.tu@intel.com \
--cc=xindong.ma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.