From: Li Zefan <lizf@cn.fujitsu.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>,
	Paul Menage <menage@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH] sched: fix another race when reading /proc/sched_debug
Date: Fri, 12 Dec 2008 17:53:52 +0800
Message-ID: <494234B0.5@cn.fujitsu.com>

I fixed an oops with the following commit:

| commit 24eb089950ce44603b30a3145a2c8520e2b55bb1
| Author: Li Zefan <lizf@cn.fujitsu.com>
| Date:   Thu Nov 6 12:53:32 2008 -0800
|
|    cgroups: fix invalid cgrp->dentry before cgroup has been completely removed
|
|    This fixes an oops when reading /proc/sched_debug.

The above commit fixed a race in which reading /proc/sched_debug may
access a NULL cgrp->dentry if a cgroup is being removed.

But I found there's another different race, in that reading sched_debug
may access a cgroup which hasn't been completely created, and thus
dereference NULL cgrp->dentry!

cgroup_create()
  cpu_cgroup_create()
    register_fair_sched_group()
      list_add_rcu(...)
				print_cfs_stats()
				  for_each_leaf_cfs_rq()
				    print_cfs_rq()
				      cgroup_path()
  cgroup->dentry = dentry;

task_group is added to the global list before the cgroup has been created
completely. If print_cfs_stats() is called at this time, it will access
the half-created cgroup.

This patch fixes the bug by holding cgroup_lock() to wait for the cgroup
to be created completely before calling cgroup_path().

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
---

The patch is based on Linus's git tree, and should go into 2.6.28,
but it conflicts with the cleanup patch in sched/core:
	0a0db8f5c9d4bbb9bbfcc2b6cb6bce2d0ef4d73d

---
 kernel/sched_debug.c |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/kernel/sched_debug.c b/kernel/sched_debug.c
index 26ed8e3..01abf5b 100644
--- a/kernel/sched_debug.c
+++ b/kernel/sched_debug.c
@@ -127,8 +127,11 @@ void print_cfs_rq(struct seq_file *m, int cpu, struct cfs_rq *cfs_rq)
 	if (tg)
 		cgroup = tg->css.cgroup;
 
-	if (cgroup)
+	if (cgroup) {
+		cgroup_lock();
 		cgroup_path(cgroup, path, sizeof(path));
+		cgroup_unlock();
+	}
 
 	SEQ_printf(m, "\ncfs_rq[%d]:%s\n", cpu, path);
 #else
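
Review bot: cgroup_lock() is now taken inside print_cfs_rq(), which the commit message shows being reached from for_each_leaf_cfs_rq() in print_cfs_stats(), a walk over a list populated with list_add_rcu(). cgroup_lock() takes a mutex and can sleep, so if that walk runs inside rcu_read_lock() this would sleep in an RCU read-side critical section. Please confirm the calling context, or take the lock outside the list walk. Taking a global lock once per runqueue printed also serialises every read of /proc/sched_debug against all cgroup operations.
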
@@ -181,8 +184,11 @@ void print_rt_rq(struct seq_file *m, int cpu, struct rt_rq *rt_rq)
 	if (tg)
 		cgroup = tg->css.cgroup;
 
-	if (cgroup)
+	if (cgroup) {
+		cgroup_lock();
 		cgroup_path(cgroup, path, sizeof(path));
+		cgroup_unlock();
+	}
 
 	SEQ_printf(m, "\nrt_rq[%d]:%s\n", cpu, path);
 #else
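
Review bot: the cgroup_lock(); cgroup_path(); cgroup_unlock(); sequence in print_rt_rq() duplicates the one added to print_cfs_rq(), and neither copy has a comment saying what the lock protects. Consider a small helper shared by both functions, with a comment that the lock waits for cgroup->dentry to be set on a cgroup that is still being created, so a later cleanup does not remove it as unnecessary.
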
-- 
1.5.4.rc3
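
The interleaving in the commit message, replayed as a deterministic single-threaded model. This is an added example, not part of the original patch or of kernel code: the struct, the step names and the functions `replay()` and `unsafe_arrivals()` are hypothetical, and it assumes cgroup creation runs with the cgroup lock held, as the commit message implies.

```c
#include <stdio.h>

/* Toy cgroup (assumed shape) and the creator steps from the commit message. */
struct cgroup { const char *dentry; };      /* NULL until creation finishes */
enum step { LOCK, LIST_ADD, SET_DENTRY, UNLOCK, DONE };

/* Models print_cfs_rq(): 1 = NULL dentry seen, 0 = dentry set, -1 = not listed. */
static int read_path(const struct cgroup *listed)
{
    return listed ? listed->dentry == NULL : -1;
}

/* Replays creation with one reader arriving just before step `arrive`.
 * A reader that takes the lock while the creator holds it waits for unlock. */
int replay(enum step arrive, int reader_takes_lock)
{
    struct cgroup cg = { NULL };
    const struct cgroup *listed = NULL;
    int held = 0, waiting = 0, result = -1;
    for (int s = LOCK; s <= DONE; s++) {
        if (s == (int)arrive)
            waiting = 1;
        if (waiting && !(reader_takes_lock && held)) {
            result = read_path(listed);
            waiting = 0;
        }
        if (s == LOCK)       held = 1;              /* cgroup_lock() */
        if (s == LIST_ADD)   listed = &cg;          /* list_add_rcu(...) */
        if (s == SET_DENTRY) cg.dentry = "/group";  /* cgroup->dentry = dentry */
        if (s == UNLOCK)     held = 0;              /* cgroup_unlock() */
    }
    return result;
}

/* Counts the arrival points at which the reader would dereference NULL. */
int unsafe_arrivals(int reader_takes_lock)
{
    int n = 0;
    for (int s = LOCK; s <= DONE; s++)
        n += replay((enum step)s, reader_takes_lock) == 1;
    return n;
}

int main(void)
{
    printf("unsafe arrivals: unlocked reader %d, locking reader %d\n",
           unsafe_arrivals(0), unsafe_arrivals(1));
    return 0;
}
```

The only unsafe arrival for the unlocked reader is between the list insertion and the dentry assignment, which is the window the patch closes.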
