From: Petr Mladek <pmladek@suse.com>
To: Miroslav Benes <mbenes@suse.cz>
Cc: jpoimboe@redhat.com, jeyu@redhat.com, jikos@kernel.org,
live-patching@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] livepatch: force transition process to finish
Date: Wed, 24 May 2017 15:06:10 +0200 [thread overview]
Message-ID: <20170524130610.GK7297@pathway.suse.cz> (raw)
In-Reply-To: <20170518120043.7205-4-mbenes@suse.cz>
On Thu 2017-05-18 14:00:43, Miroslav Benes wrote:
> If a task sleeps in a set of patched functions uninterruptibly, it could
> block the whole transition process indefinitely. Thus it may be useful
> to clear its TIF_PATCH_PENDING to allow the process to finish.
>
> Admin can do that now by writing 2 to force sysfs attribute in livepatch
> sysfs directory. TIF_PATCH_PENDING is then cleared for all tasks and the
> transition can finish successfully.
>
> Important note! Use wisely. Admin must be sure that it is safe to
> execute such action. This means that it must be checked that by doing so
> the consistency model guarantees are not violated.
>
> diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
> index bb61aaa196d3..d057a34510e6 100644
> --- a/kernel/livepatch/transition.c
> +++ b/kernel/livepatch/transition.c
> @@ -591,3 +591,19 @@ void klp_send_fake_signal(void)
> }
> read_unlock(&tasklist_lock);
> }
> +
> +/*
> + * Drop TIF_PATCH_PENDING of all tasks on admin's request. This forces an
> + * existing transition to finish.
> + */
> +void klp_unmark_tasks(void)
> +{
> + struct task_struct *g, *task;
> +
> + pr_warn("all tasks marked as migrated on admin's request\n");
> +
> + read_lock(&tasklist_lock);
> + for_each_process_thread(g, task)
> + klp_update_patch_state(task);
> + read_unlock(&tasklist_lock);
This should get called under klp_mutex. The following race comes to my mind:
CPU0: CPU1:
klp_transition_work_fn()
klp_try_complete_transition()
for_each_process()
if (!klp_try_switch_task(task))
# success
klp_complete_transition()
for_each_process()
task->patch_state = KLP_UNDEFINED;
klp_unmark_tasks()
for_each_process()
klp_update_patch_state()
task->patch_state =
klp_target_state;
klp_target_state = KLP_UNDEFINED;
=> CPU1 might happily set an obsolete state and create a mess.
It would be possible to solve this by reodering, barriers.
But much better solution seems to serialize both actions
using klp_mutex.
In fact, I would suggest to take klp_mutex in force_store()
and do all actions synchronously, including the check
of klp_transition_patch.
Best Regards,
Petr
PS: I know that I talked about this with Mirek and suggested
doing the check for klp_transition_patch without the lock.
It made perfect sense. But I have changed my mind when
seeing the final code.
next prev parent reply other threads:[~2017-05-24 13:06 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-18 12:00 [PATCH 0/3] livepatch: Introduce force sysfs attribute Miroslav Benes
2017-05-18 12:00 ` [PATCH 1/3] livepatch: Add " Miroslav Benes
2017-05-18 13:05 ` Libor Pechacek
2017-05-18 13:20 ` Miroslav Benes
2017-05-18 12:00 ` [PATCH 2/3] livepatch: send a fake signal to all blocking tasks Miroslav Benes
2017-05-18 13:10 ` Libor Pechacek
2017-05-18 13:20 ` Miroslav Benes
2017-05-18 16:49 ` Oleg Nesterov
2017-05-18 18:14 ` Miroslav Benes
2017-05-18 19:52 ` Oleg Nesterov
2017-05-19 7:51 ` Miroslav Benes
2017-05-23 17:30 ` Josh Poimboeuf
2017-05-24 8:31 ` Miroslav Benes
2017-05-18 12:00 ` [PATCH 3/3] livepatch: force transition process to finish Miroslav Benes
2017-05-18 13:16 ` Libor Pechacek
2017-05-18 13:22 ` Miroslav Benes
2017-05-23 17:27 ` Josh Poimboeuf
2017-05-24 8:36 ` Miroslav Benes
2017-05-24 13:06 ` Petr Mladek [this message]
2017-05-24 14:15 ` Miroslav Benes
2017-05-24 15:09 ` Petr Mladek
2017-05-25 12:59 ` Miroslav Benes
2017-05-25 16:03 ` Petr Mladek
2017-05-26 17:37 ` Josh Poimboeuf
2017-05-29 12:28 ` Petr Mladek
2017-05-30 12:41 ` Josh Poimboeuf
2017-05-26 17:38 ` Josh Poimboeuf
2017-05-29 9:26 ` Miroslav Benes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170524130610.GK7297@pathway.suse.cz \
--to=pmladek@suse.com \
--cc=jeyu@redhat.com \
--cc=jikos@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=mbenes@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.