From: Li Zefan <lizefan@huawei.com>
To: Tejun Heo <tj@kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Cgroups <cgroups@vger.kernel.org>,
Davide Libenzi <davidel@xmailserver.org>,
Aaron Durbin <adurbin@google.com>,
Greg Thelen <gthelen@google.com>
Subject: [PATCH 2/4] cgroup: fix cgroup_rmdir() vs close(eventfd) race
Date: Sat, 2 Feb 2013 14:51:15 +0800 [thread overview]
Message-ID: <510CB763.3020700@huawei.com> (raw)
In-Reply-To: <510CB733.2080904@huawei.com>
commit 205a872bd6f9a9a09ef035ef1e90185a8245cc58 ("cgroup: fix lockdep
warning for event_control") sovled a deadlock by introducing a new
bug.
We can't access @event without event_list_lock, otherwise we'll race
with cgroup_event_wake() called when closing the eventfd, and then
both threads will try to free the same @event.
CPU0 CPU1
--------------------------- -----------------------------
cgroup_rmdir() close(eventfd)
list_for_each_entry() cgroup_event_wake()
list_del(event)
list_del(event)
cgroup_event_remove(event)
cgroup_event_remove(event)
To fix this, use the new eventfd_signal_hangup() to notify userspace
cgroup is removed.
Signed-off-by: Li Zefan <lizefan@huawei.com>
---
kernel/cgroup.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 3d21adf..a3d361b 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4302,9 +4302,9 @@ static int cgroup_destroy_locked(struct cgroup *cgrp)
struct dentry *d = cgrp->dentry;
struct cgroup *parent = cgrp->parent;
DEFINE_WAIT(wait);
- struct cgroup_event *event, *tmp;
+ struct eventfd_ctx *ctx;
+ struct cgroup_event *event;
struct cgroup_subsys *ss;
- LIST_HEAD(tmp_list);
lockdep_assert_held(&d->d_inode->i_mutex);
lockdep_assert_held(&cgroup_mutex);
@@ -4359,20 +4359,27 @@ static int cgroup_destroy_locked(struct cgroup *cgrp)
/*
* Unregister events and notify userspace.
* Notify userspace about cgroup removing only after rmdir of cgroup
- * directory to avoid race between userspace and kernelspace. Use
- * a temporary list to avoid a deadlock with cgroup_event_wake(). Since
+ * directory to avoid race between userspace and kernelspace. Since
* cgroup_event_wake() is called with the wait queue head locked,
- * remove_wait_queue() cannot be called while holding event_list_lock.
+ * eventfd_signal() cannot be called while holding event_list_lock.
*/
spin_lock(&cgrp->event_list_lock);
- list_splice_init(&cgrp->event_list, &tmp_list);
- spin_unlock(&cgrp->event_list_lock);
- list_for_each_entry_safe(event, tmp, &tmp_list, list) {
- list_del_init(&event->list);
- remove_wait_queue(event->wqh, &event->wait);
- eventfd_signal(event->eventfd, 1);
- schedule_work(&event->remove);
+ while (true) {
+ if (list_empty(&cgrp->event_list))
+ break;
+
+ event = list_first_entry(&cgrp->event_list,
+ struct cgroup_event, list);
+ ctx = eventfd_ctx_get(event->eventfd);
+ spin_unlock(&cgrp->event_list_lock);
+
+ eventfd_signal(ctx, 1);
+ eventfd_signal_hangup(ctx);
+ eventfd_ctx_put(ctx);
+
+ spin_lock(&cgrp->event_list_lock);
}
+ spin_unlock(&cgrp->event_list_lock);
return 0;
}
--
1.8.0.2
next prev parent reply other threads:[~2013-02-02 6:51 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-02 6:50 [PATCH 0/4] cgroup: bug fixes for eventfd Li Zefan
2013-02-02 6:50 ` Li Zefan
[not found] ` <510CB733.2080904-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-02-02 6:50 ` [PATCH 1/4] eventfd: introduce eventfd_signal_hangup() Li Zefan
2013-02-02 6:50 ` Li Zefan
[not found] ` <510CB744.7000300-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-02-02 15:58 ` Kirill A. Shutemov
2013-02-02 15:58 ` Kirill A. Shutemov
[not found] ` <20130202155858.GA13022-oKw7cIdHH8eLwutG50LtGA@public.gmane.org>
2013-02-04 10:15 ` Kirill A. Shutemov
2013-02-04 10:15 ` Kirill A. Shutemov
[not found] ` <20130204101521.GA18322-oKw7cIdHH8eLwutG50LtGA@public.gmane.org>
2013-02-05 3:40 ` Li Zefan
2013-02-05 3:40 ` Li Zefan
[not found] ` <51107F42.1090401-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-02-05 8:28 ` Kirill A. Shutemov
2013-02-05 8:28 ` Kirill A. Shutemov
2013-02-06 1:48 ` Li Zefan
[not found] ` <5111B664.5050606-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-02-06 14:53 ` Kirill A. Shutemov
2013-02-06 14:53 ` Kirill A. Shutemov
2013-02-02 6:59 ` [PATCH 0/4] cgroup: bug fixes for eventfd Li Zefan
2013-02-02 6:59 ` Li Zefan
2013-02-04 19:27 ` Tejun Heo
2013-02-04 19:27 ` Tejun Heo
2013-02-02 6:51 ` Li Zefan [this message]
[not found] ` <510CB763.3020700-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-02-02 15:59 ` [PATCH 2/4] cgroup: fix cgroup_rmdir() vs close(eventfd) race Kirill A. Shutemov
2013-02-02 15:59 ` Kirill A. Shutemov
2013-02-02 6:51 ` [PATCH 3/4] eventfd: make operations on eventfd return -EIDRM if it's hung up Li Zefan
2013-02-02 16:12 ` Kirill A. Shutemov
[not found] ` <20130202161229.GB12939-oKw7cIdHH8eLwutG50LtGA@public.gmane.org>
2013-02-04 3:15 ` Li Zefan
2013-02-04 3:15 ` Li Zefan
2013-02-02 6:51 ` [PATCH 4/4] cgroup: adapt to the new way of detecting cgroup removal Li Zefan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=510CB763.3020700@huawei.com \
--to=lizefan@huawei.com \
--cc=adurbin@google.com \
--cc=cgroups@vger.kernel.org \
--cc=davidel@xmailserver.org \
--cc=gthelen@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.