Re: [PATCH v3] sched/numa: fix unsafe get_task_struct() in task_numa_assign()

[Oleg Nesterov <oleg@redhat.com>]

On 10/21, Kirill Tkhai wrote:
>
> I think generic helper is a good idea. The prototype looks OK.
>
> But I'm a little doubt about retry loop. If this helper is generic and
> one day it may move to ./include directory,

Well, if we add a generic helper I think it should be exported even if
it has a single caller. But I agree this probably needs a justification
too.

> isn't there a probability
> people will use it wrong? This loop may bring delays or something bad.

Yes, I thought about livelock too. OK, we can remove it, just
s/goto retry/return NULL/. Or, perhaps better, return ERR_PTR(-EAGAIN)
so that the caller can know that retry is possible.

I do not really mind, and we can reconsider this later. And I will not
argue if you prefer to add the rq->curr specific hack (like your patch
does).

> And since we still depends on RCU, I'd suggest to add its lockdep assert.

Agreed.

Let me explain what I personally dislike in v3:

	- I think that we do not have enough reasons for
	  SLAB_DESTROY_BY_RCU. This is the serious change.

	  probe_kernel_read() looks better to me, and hopefully
	  IS_ENABLED(DEBUG_PAGEALLOC) can make it conditional.

	- PF_EXITING was fine in task_numa_compare(), but if we
	  move this logic into a helper (even if it is not exported)
	  then I think we need a more specific check. sighand == NULL
	  looks better to me because it clearly connects to
	  release_task() which makes this task_struct "rcu-unsafe".

	- Again, perhaps we should start we a simple and stupid fix.
	  We can do get_task_struct() under rq->lock or, if nothing
	  else, just

	  	raw_spin_lock_irq(&rq->lock);
	  	cur = rq->curr;
	  	if (is_idle_task(cur) || (cur->flags & PF_EXITING))
	  		cur = NULL;
	  	raw_spin_unlock_irq(&rq->lock);

Either way, I hope you will send v4 ;)

But probably you should wait for for Peter's opinion first.

Oleg.