From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751770AbYEFFtc (ORCPT ); Tue, 6 May 2008 01:49:32 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org
	id S1762829AbYEFFtB (ORCPT ); Tue, 6 May 2008 01:49:01 -0400
Received: from E23SMTP03.au.ibm.com ([202.81.18.172]:38173 "EHLO e23smtp03.au.ibm.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1756880AbYEFFtA (ORCPT ); Tue, 6 May 2008 01:49:00 -0400
Message-ID: <481FF115.8030503@linux.vnet.ibm.com>
Date: Tue, 06 May 2008 11:18:05 +0530
From: Balbir Singh
Reply-To: balbir@linux.vnet.ibm.com
Organization: IBM
User-Agent: Thunderbird 2.0.0.12 (X11/20080226)
MIME-Version: 1.0
To: KOSAKI Motohiro
CC: Lee Schermerhorn , KAMEZAWA Hiroyuki , LKML , linux-mm , Andrew Morton
Subject: Re: on CONFIG_MM_OWNER=y, kernel panic is possible.
References: <20080506142255.AC5D.KOSAKI.MOTOHIRO@jp.fujitsu.com>
In-Reply-To: <20080506142255.AC5D.KOSAKI.MOTOHIRO@jp.fujitsu.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

KOSAKI Motohiro wrote:
> on CONFIG_MM_OWNER=y (that is automatically turned on by mem-cgroup),
> kernel panic is possible by following scenario in mm_update_next_owner().
>
> 1. mm_update_next_owner() is called.
> 2. found caller task in do_each_thread() loop.
> 3. thus, BUG_ON(c == p) is true, it become kernel panic.
>
> end up, We should left out current task.
>
>

That is not possible. If you look at where mm_update_next_owner() is called
from, we call it from exit_mm() and exec_mmap().

In both cases, we ensure that the task's mm has changed (to NULL and the new mm
respectively), before we call mm_update_next_owner(), hence c->mm can never be
equal to p->mm.

-- 
	Warm Regards,
	Balbir Singh
	Linux Technology Center
	IBM, ISTL
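
The ordering argument in the reply above, as an added user-space model in C (not kernel code and not from the thread): the scan for a new owner can only match the caller if the caller's mm has not yet been switched. The struct layouts, function names and scenarios are assumptions made for illustration.

```c
/* User-space model only; not kernel code. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

struct mm { int id; };
struct task { struct mm *mm; };
enum { NO_CANDIDATE = -1, WOULD_HIT_BUG_ON = -2 };

/* Walk all tasks for one still using mm. Returns its index,
 * NO_CANDIDATE, or WOULD_HIT_BUG_ON when the match is the caller p. */
static int scan_next_owner(struct task *t, size_t n, struct task *p, struct mm *mm)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].mm != mm)
            continue;
        return (&t[i] == p) ? WOULD_HIT_BUG_ON : (int)i;
    }
    return NO_CANDIDATE;
}

/* Exit and exec orderings from the reply: the caller's mm is switched
 * (to NULL or to new_mm) before the scan runs. */
static int switch_then_scan(struct task *t, size_t n, size_t self, struct mm *new_mm)
{
    struct mm *old = t[self].mm;
    t[self].mm = new_mm;
    return scan_next_owner(t, n, &t[self], old);
}

/* Constructed scenarios: 0 = exit, 1 = exec, 2 = scan with the caller's
 * mm not yet switched, 3 = exit of the only user of the mm. */
int scenario(int which)
{
    struct mm shared = { 1 }, fresh = { 2 };
    struct task t[3] = { { &shared }, { &shared }, { &shared } };
    switch (which) {
    case 0: return switch_then_scan(t, 3, 0, NULL);
    case 1: return switch_then_scan(t, 3, 0, &fresh);
    case 2: return scan_next_owner(t, 3, &t[0], t[0].mm);
    default: return switch_then_scan(t, 1, 0, NULL);
    }
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("scenario %d -> %d\n", i, scenario(i));
    return 0;
}
```

Scenario 2 is the only one in which the model's scan lands on the caller, and it is the one ordering the reply says the callers never produce.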