From: Li Zefan <lizf@cn.fujitsu.com>
To: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Mandeep Singh Baines <msb@chromium.org>,
Tejun Heo <tj@kernel.org>, LKML <linux-kernel@vger.kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [RFC][PATCH v2] cgroups: Run subsystem fork callback from cgroup_post_fork()
Date: Thu, 01 Mar 2012 11:20:47 +0800 [thread overview]
Message-ID: <4F4EEB0F.2000504@cn.fujitsu.com> (raw)
In-Reply-To: <20120229162148.GA8375@somewhere.redhat.com>
于 2012年03月01日 00:21, Frederic Weisbecker 写道:
> On Wed, Feb 29, 2012 at 07:55:00AM -0800, Mandeep Singh Baines wrote:
>> Frederic Weisbecker (fweisbec@gmail.com) wrote:
>>> When a user freezes a cgroup, the freezer sets the subsystem state
>>> to CGROUP_FREEZING and then iterates over the tasks in the cgroup links.
>>>
>>> But there is a possible race here, although unlikely, if a task
>>> forks and the parent is preempted between write_unlock(tasklist_lock)
>>> and cgroup_post_fork(). If we freeze the cgroup while the parent
>>
>> So what if you moved cgroup_post_forks() a few lines up to be
>> inside the tasklist_lock?
>
> It won't work. Consider this scenario:
>
> CPU 0 CPU 1
>
> cgroup_fork_callbacks()
> write_lock(tasklist_lock)
> try_to_freeze_cgroup() { add child to task list etc...
> cgroup_iter_start()
> freeze tasks
> cgroup_iter_end()
> } cgroup_post_fork()
> write_unlock(tasklist_lock)
>
> If this is not the first time we call cgroup_iter_start(), we won't go
> through the whole tasklist, we simply iterate through the css set task links.
>
> Plus we try to avoid anything under tasklist_lock when possible.
>
Your patch won't close the race I'm afraid.
// state will be set to FREEZING
echo FROZEN > /cgroup/sub/freezer.state
write_lock(tasklist_lock)
add child to task list ...
write_unlock(tasklist_lock)
// state will be updated to FROZEN
cat /cgroup/sub/freezer.state
cgroup_post_fork()
->freezer_fork()
freezer_fork() will freeze the task only if the cgroup is in FREEZING
state, and will BUG if the state is FROZEN.
We can fix freezer_fork(), but seems that requires we hold cgroup_mutex
in that function(), which we don't like at all. Not to say your
task_counter stuff..
At this moment I don't see a solution without tasklist_lock involved,
any better idea?
(I just realized be patch below introduces a tasklist_lock <-> freezer->lock
ABBA deadlock, so it's bad to screw up with tasklist lock)
diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
index fc0646b..74527ac 100644
--- a/kernel/cgroup_freezer.c
+++ b/kernel/cgroup_freezer.c
@@ -278,6 +278,12 @@ static int try_to_freeze_cgroup(struct cgroup *cgroup, struct freezer *freezer)
struct task_struct *task;
unsigned int num_cant_freeze_now = 0;
+ /*
+ * With this lock held and the check in freezer_fork(), a
+ * half-forked task has no chance to escape from freezing.
+ */
+ read_lock(&tasklist_lock);
+
cgroup_iter_start(cgroup, &it);
while ((task = cgroup_iter_next(cgroup, &it))) {
if (!freeze_task(task))
@@ -289,6 +295,8 @@ static int try_to_freeze_cgroup(struct cgroup *cgroup, struct freezer *freezer)
}
cgroup_iter_end(cgroup, &it);
+ read_unlock(&tasklist_lock);
+
return num_cant_freeze_now ? -EBUSY : 0;
}
diff --git a/kernel/fork.c b/kernel/fork.c
index e2cd3e2..2450720 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1328,15 +1328,15 @@ static struct task_struct *copy_process(unsigned long clone_flags,
p->group_leader = p;
INIT_LIST_HEAD(&p->thread_group);
+ /* Need tasklist lock for parent etc handling! */
+ write_lock_irq(&tasklist_lock);
+
/* Now that the task is set up, run cgroup callbacks if
* necessary. We need to run them before the task is visible
* on the tasklist. */
cgroup_fork_callbacks(p);
cgroup_callbacks_done = 1;
- /* Need tasklist lock for parent etc handling! */
- write_lock_irq(&tasklist_lock);
-
/* CLONE_PARENT re-uses the old parent */
if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
p->real_parent = current->real_parent;
@@ -1393,9 +1393,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
total_forks++;
spin_unlock(¤t->sighand->siglock);
+ cgroup_post_fork(p);
write_unlock_irq(&tasklist_lock);
proc_fork_connector(p);
- cgroup_post_fork(p);
if (clone_flags & CLONE_THREAD)
threadgroup_change_end(current);
perf_event_fork(p);
next prev parent reply other threads:[~2012-03-01 3:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-24 4:23 [RFC][PATCH] cgroups: Run subsystem fork callback from cgroup_post_fork() Frederic Weisbecker
2012-02-24 4:32 ` Frederic Weisbecker
2012-02-27 17:02 ` [RFC][PATCH v2] " Frederic Weisbecker
2012-02-29 15:55 ` Mandeep Singh Baines
2012-02-29 16:21 ` Frederic Weisbecker
2012-03-01 3:20 ` Li Zefan [this message]
2012-03-04 13:53 ` Frederic Weisbecker
2012-03-07 9:22 ` Li Zefan
2012-03-08 15:53 ` Frederic Weisbecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F4EEB0F.2000504@cn.fujitsu.com \
--to=lizf@cn.fujitsu.com \
--cc=akpm@linux-foundation.org \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=msb@chromium.org \
--cc=oleg@redhat.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.