From: Paul Jackson <pj@sgi.com>
To: Kirill Korotaev <dev@sw.ru>
Cc: torvalds@osdl.org, simon.derr@bull.net,
linux-kernel@vger.kernel.org, den@sw.ru, st@sw.ru,
Andrew Morton <akpm@osdl.org>
Subject: Re: cpusets: BUG: cpuset_excl_nodes_overlap() may sleep under tasklist_lock
Date: Tue, 3 Jan 2006 14:31:58 -0800
Message-ID: <20060103143158.8ab385d0.pj@sgi.com>
In-Reply-To: <43B28996.7060006@sw.ru>

Kirill Korotaev wrote:
> FYI, there is an obvious bug in cpusets in 2.6.15-rcX:
> cpuset_excl_nodes_overlap() may sleep (as it takes semaphore), but is
> called from atomic context - select_bad_process() under tasklist_lock.
> BUG. Found by Denis Lunev.

Sorry for not responding sooner - I was off the air for a week.

Thanks for finding and reporting this.

Apparently, from KUROSAWA Takahiro's report, this bug was also in
2.6.14. My initial reading of the code in 2.6.14 and 2.6.15-* agrees,
and finds that this bug was present since the cpuset_excl_nodes_overlap
call was added, Sept 8, 2005 (in Linus's tree.)

> the same actually applies to cpuset_zone_allowed() which is called e.g.
> from __alloc_pages()->get_page_from_freelist() and doesn't check for
> GPF_NOATOMIC anyhow...

I don't think so. Please read the comments in kernel/cpuset.c above
the routine cpuset_zone_allowed(). Either that routine is called with
the __GFP_HARDWALL flag set, so returns before it gets to the semaphore
call, or it is not called at all, due to the check for ATOMIC (!wait)
in mm/page_alloc.c.

I don't see any bugs like this, in the cpuset_zone_allowed code path.

==> My initial analysis - I have one bug, in the oom_kill path,
where the code takes callback_sem while holding tasklist_lock,
that has been in the main line kernel since 2.6.14.

My first guess is that it will take me about a week, with testing and
other priorities (including a few more days vacation), to respond with a
patch. Speak up if that doesn't meet your needs.

--
I won't rest till it's the best ...
Programmer, Linux Scalability
Paul Jackson <pj@sgi.com> 1.925.600.0401
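
A simplified userspace model of the two call paths discussed in this message, added here as an illustration; it is not kernel code and not code from the thread. The model_* names and flag values are assumptions made for the example, and the counter plays the role of the kernel's sleep-in-atomic debug check.

```c
#include <stdio.h>

/* Constructed flag values for this model; not the kernel's definitions. */
#define MODEL_GFP_WAIT     0x1u  /* caller is allowed to sleep */
#define MODEL_GFP_HARDWALL 0x2u  /* stands in for __GFP_HARDWALL */

static int atomic_depth;  /* > 0 while a non-sleeping lock is held */
static int violations;    /* sleeping calls made in atomic context */

static void model_read_lock(void)   { atomic_depth++; }
static void model_read_unlock(void) { atomic_depth--; }

/* Stand-in for taking callback_sem: a semaphore acquire may sleep. */
static void model_down_callback_sem(void)
{
    if (atomic_depth > 0)
        violations++;
}

/* OOM path from the report: the overlap check runs under tasklist_lock. */
static int model_select_bad_process(void)
{
    violations = 0;
    model_read_lock();          /* tasklist_lock held */
    model_down_callback_sem();  /* inside cpuset_excl_nodes_overlap() */
    model_read_unlock();
    return violations;
}

/* Allocator path as the reply describes it: the cpuset check is skipped
 * when the caller cannot wait, and returns before the semaphore when the
 * hardwall flag is set. */
static int model_alloc_pages(unsigned int gfp, int in_atomic)
{
    violations = 0;
    if (in_atomic)
        model_read_lock();
    if ((gfp & MODEL_GFP_WAIT) && !(gfp & MODEL_GFP_HARDWALL))
        model_down_callback_sem();
    if (in_atomic)
        model_read_unlock();
    return violations;
}

int main(void)
{
    printf("oom path violations: %d\n", model_select_bad_process());
    printf("atomic alloc, no wait: %d\n", model_alloc_pages(0, 1));
    printf("hardwall alloc: %d\n",
           model_alloc_pages(MODEL_GFP_WAIT | MODEL_GFP_HARDWALL, 1));
    return 0;
}
```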