From: Balbir Singh <balbir@linux.vnet.ibm.com>
To: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Lee Schermerhorn <Lee.Schermerhorn@hp.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-mm <linux-mm@kvack.org>
Subject: Re: [PATCH] on CONFIG_MM_OWNER=y, kernel panic is possible. take2
Date: Thu, 08 May 2008 19:23:41 +0530
Message-ID: <482305E5.6070107@linux.vnet.ibm.com>
In-Reply-To: <20080508083808.4A78.KOSAKI.MOTOHIRO@jp.fujitsu.com>
KOSAKI Motohiro wrote:
>> I'd word it as
>>
>> /*
>> * "owner" points to a task that is regarded as the canonical
>> * user/owner of this mm. All of the following must be true in
>> * order for it to be changed:
>> *
>> * current == mm->owner
>> * current->mm != mm
>> * new_owner->mm == mm
>> * new_owner->alloc_lock is held
>> */
>
> Wow, Thank you a lot!
> new version attached.
>
> Cheers!
>
>
> -----------------------------------------------------------
> When mm destruct happened, we should pass mm_update_next_owner()
> old mm.
> but unfortunately new mm is passed in exec_mmap().
>
> thus, kernel panic is possible when multi thread process use exec().
>
>
> and, owner member comment description is wrong.
> mm->owner does not necessarily point to thread group leader.
>
>
> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
> CC: Balbir Singh <balbir@linux.vnet.ibm.com>
> CC: "Paul Menage" <menage@google.com>
> CC: "KAMEZAWA Hiroyuki" <kamezawa.hiroyu@jp.fujitsu.com>
>
> ---
> fs/exec.c | 2 +-
> include/linux/mm_types.h | 13 +++++++++++--
> 2 files changed, 12 insertions(+), 3 deletions(-)
>
> Index: b/fs/exec.c
> ===================================================================
> --- a/fs/exec.c 2008-05-04 22:57:09.000000000 +0900
> +++ b/fs/exec.c 2008-05-06 15:40:35.000000000 +0900
> @@ -735,7 +735,7 @@ static int exec_mmap(struct mm_struct *m
> tsk->active_mm = mm;
> activate_mm(active_mm, mm);
> task_unlock(tsk);
> - mm_update_next_owner(mm);
> + mm_update_next_owner(old_mm);
> arch_pick_mmap_layout(mm);
> if (old_mm) {
> up_read(&old_mm->mmap_sem);
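Review bot: mm_update_next_owner(old_mm) is called unconditionally, but the `if (old_mm)` test two lines below shows old_mm can be NULL at this point in exec_mmap(). Either confirm in the changelog that mm_update_next_owner() tolerates a NULL mm, or move the call inside the existing `if (old_mm)` block so the NULL case is visibly handled at the call site.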
> Index: b/include/linux/mm_types.h
> ===================================================================
> --- a/include/linux/mm_types.h 2008-05-08 09:20:13.000000000 +0900
> +++ b/include/linux/mm_types.h 2008-05-08 09:22:13.000000000 +0900
> @@ -231,8 +231,17 @@ struct mm_struct {
> rwlock_t ioctx_list_lock; /* aio lock */
> struct kioctx *ioctx_list;
> #ifdef CONFIG_MM_OWNER
> - struct task_struct *owner; /* The thread group leader that */
> - /* owns the mm_struct. */
> + /*
> + * "owner" points to a task that is regarded as the canonical
> + * user/owner of this mm. All of the following must be true in
> + * order for it to be changed:
> + *
> + * current == mm->owner
> + * current->mm != mm
> + * new_owner->mm == mm
> + * new_owner->alloc_lock is held
> + */
> + struct task_struct *owner;
> #endif
>
> #ifdef CONFIG_PROC_FS
>
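Review bot: the new comment above `struct task_struct *owner;` lists the conditions for changing the owner in terms of `current` and `new_owner`, but does not say where they are enforced or state the point the changelog makes, that owner is not necessarily the thread group leader. Consider naming mm_update_next_owner() in the comment and adding one line saying the owner need not be the thread group leader, so a reader of mm_types.h does not need the commit message to see what was wrong with the old comment.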
Looks good to me, but I've not tested it
Acked-by: Balbir Singh <balbir@linux.vnet.ibm.com>
--
Warm Regards,
Balbir Singh
Linux Technology Center
IBM, ISTL