From: Peter Zijlstra <peterz@infradead.org>
To: Kazuki Yamaguchi <k@rhe.jp>
Cc: Tejun Heo <tj@kernel.org>, Niklas Cassel <niklas.cassel@axis.com>,
linux-kernel@vger.kernel.org
Subject: Re: [BUG] sched: leaf_cfs_rq_list use after free
Date: Mon, 14 Mar 2016 13:09:03 +0100 [thread overview]
Message-ID: <20160314120903.GP6375@twins.programming.kicks-ass.net> (raw)
In-Reply-To: <20160314112057.GT6356@twins.programming.kicks-ass.net>
On Mon, Mar 14, 2016 at 12:20:57PM +0100, Peter Zijlstra wrote:
> So I would suggest TJ to revert that patch and queue it for stable.
>
> It it clearly borken, because cgroup_exit() is called from preemptible
> context, so _obviously_ we can (and clearly will) schedule after that,
> which is somewhat hard if the cgroup we're supposedly belonging to has
> been torn to shreds in the meantime.
And I think it might be fundamentally broken, because it leaves ->css
set to whatever cgroup we had, while simultaneously allowing that css to
go away.
This means that anything trying to use this pointer; and there's quite a
lot of that; is in for a nasty surprise.
So you really need to change the ->css, either when the task starts
dying (like it used to), or otherwise right before the cgroup goes
offline.
The argument used was that people want to see resources consumed by
Zombies, which is all fine and dandy, but when you destroy the cgroup
you cannot see that anyway.
So something needs to fundamentally ensure that ->css changes before we
go offline the thing.
next prev parent reply other threads:[~2016-03-14 12:09 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-12 9:42 [BUG] sched: leaf_cfs_rq_list use after free Kazuki Yamaguchi
2016-03-12 13:59 ` Peter Zijlstra
2016-03-14 11:20 ` Peter Zijlstra
2016-03-14 12:09 ` Peter Zijlstra [this message]
2016-03-16 14:24 ` Tejun Heo
2016-03-16 14:44 ` Tejun Heo
2016-03-16 15:22 ` Peter Zijlstra
2016-03-16 16:50 ` Tejun Heo
2016-03-16 17:04 ` Peter Zijlstra
2016-03-16 17:49 ` Tejun Heo
2016-03-17 8:29 ` Niklas Cassel
2016-03-21 11:15 ` [tip:sched/urgent] sched/cgroup: Fix/cleanup cgroup teardown/init tip-bot for Peter Zijlstra
2016-04-28 18:40 ` Peter Zijlstra
2016-04-28 18:51 ` Greg Kroah-Hartman
2016-04-28 21:36 ` Peter Zijlstra
2016-05-02 3:06 ` Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2016-03-04 10:41 [BUG] sched: leaf_cfs_rq_list use after free Niklas Cassel
2016-03-10 12:54 ` Peter Zijlstra
2016-03-11 17:02 ` Niklas Cassel
2016-03-11 17:28 ` Peter Zijlstra
2016-03-11 18:20 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160314120903.GP6375@twins.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=k@rhe.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=niklas.cassel@axis.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.