From: Andrew Morton <akpm@linux-foundation.org>
To: Mathieu Desnoyers <compudj@google.com>
Cc: "Martin J. Bligh" <mbligh@google.com>,
linux-kernel@vger.kernel.org, Andi Kleen <ak@suse.de>,
"David S. Miller" <davem@davemloft.net>,
Paul Mackerras <paulus@samba.org>,
"Luck, Tony" <tony.luck@intel.com>,
Haavard Skinnemoen <hskinnemoen@atmel.com>
Subject: Re: Thread flags modified without set_thread_flag() (non atomically)
Date: Wed, 28 Feb 2007 22:03:49 -0800
Message-ID: <20070228220349.b42bf571.akpm@linux-foundation.org>
In-Reply-To: <45E33EBD.6020603@google.com>
On Mon, 26 Feb 2007 12:10:37 -0800 Mathieu Desnoyers <compudj@google.com> wrote:
> Hi,
How come I'm the only person around here with a Reply button?
> Looking into the thread flags, I found out that some architecture
> specific kernel functions (in 2.6.20) set the thread flags with non
> atomic operations.
>
> A good way to list the most trivial: grep -r TIF_ * | grep =
>
> Some examples follow. If, for instance,
> x86_64/kernel/process.c:flush_thread is called from an exec system call,
> it will do the following:
>
> x86_64/kernel/process.c:	t->flags ^= (_TIF_ABI_PENDING | _TIF_IA32);
> x86_64/kernel/process.c:	t->flags &= ~_TIF_DEBUG;
>
> void flush_thread(void)
> {
> 	struct task_struct *tsk = current;
> 	struct thread_info *t = current_thread_info();
>
> 	if (t->flags & _TIF_ABI_PENDING) {
> 		t->flags ^= (_TIF_ABI_PENDING | _TIF_IA32);
> 		if (t->flags & _TIF_IA32)
> 			current_thread_info()->status |= TS_COMPAT;
> 	}
> 	t->flags &= ~_TIF_DEBUG;
> 	....
>
> As long as the flags are only updated by the thread itself at this
> moment, it seems safe, but if other updates coming from other threads
> are expected, wouldn't it result in a bad behavior?
>
> i.e. if resched_task is being called by another CPU at the same time for
> this specific thread, it would set the TIF_NEED_RESCHED flag, but it could
> be overwritten by the non-atomic modification in flush_thread.
It does seem risky. Perhaps it is a micro-optimisation which utilises
knowledge that this thread_struct cannot be looked up via any path in this
context.
Or perhaps it is a bug. Andi, can you please comment?
> And about this specific flush_thread, I am puzzled about the t->flags ^=
> (_TIF_ABI_PENDING | _TIF_IA32); line. The XOR will clearly flip the
> _TIF_ABI_PENDING bit to 0, and very likely set _TIF_IA32 to the opposite
> of its current value. Why does this change need to be written atomically
> (can other threads play with these flags?)?
>
Don't know.
>
>
> Other examples:
>
> sparc64/kernel/ptrace.c:	if ((task_thread_info(child)->flags & _TIF_32BIT) != 0) {
> sparc64/kernel/process.c:	t->flags ^= (_TIF_ABI_PENDING | _TIF_32BIT);
> sparc64/kernel/process.c:	t->flags &= ~_TIF_PERFCTR;
>
> sparc/kernel/process.c:	current_thread_info()->flags &= ~_TIF_USEDFPU;
> sparc/kernel/process.c:	current_thread_info()->flags &= ~_TIF_USEDFPU;
> sparc/kernel/process.c:	current_thread_info()->flags &= ~_TIF_USEDFPU;
> sparc/kernel/process.c:	current_thread_info()->flags &= ~(_TIF_USEDFPU);
> sparc/kernel/traps.c: current_thread_info()->flags |= _TIF_USEDFPU;
> sparc/kernel/traps.c: task_thread_info(fpt)->flags &= ~_TIF_USEDFPU;
That all looks rather deliberate.
> powerpc/kernel/process.c:	t->flags ^= (_TIF_ABI_PENDING | _TIF_32BIT);
>
> ia64/kernel/mca.c: ti->flags = _TIF_MCA_INIT;
>
> avr32/kernel/ptrace.c: ti->flags |= _TIF_BREAKPOINT;
No, I don't immediately see anything in the flush_old_exec() code path
which tells us that nobody else can look up this thread_info (or be holding
a ref to it) in this context.
> avr32/kernel/ptrace.c: ti->flags |= TIF_SINGLE_STEP;
heh. Haavard, you got a bug.
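The race Mathieu describes above (a plain `t->flags &= ~X` in flush_thread() while another CPU's resched_task() sets TIF_NEED_RESCHED on the same thread_info) can be made concrete in user space. The following is an added example written for this page, not code from the thread or from the kernel: it models a thread_info word, splits the non-atomic read-modify-write into its load and store halves so the remote set can land in between, and contrasts it with the indivisible atomic bit operations that set_thread_flag()/clear_thread_flag() are built on. The bit positions and the `remote_set_need_resched()` helper are constructed for illustration and do not correspond to any real architecture's layout.

```c
/* Added example: lost-update hazard of a non-atomic flags update.
 * Not kernel code. Bit positions below are constructed (assumed), not the
 * real x86_64 thread_info values. Uses GCC/Clang __atomic builtins. */
#include <stdio.h>
#include <stdbool.h>

#define TIF_NEED_RESCHED   3   /* constructed bit numbers */
#define TIF_DEBUG          4
#define TIF_ABI_PENDING    5
#define TIF_IA32           6

#define _TIF_NEED_RESCHED  (1UL << TIF_NEED_RESCHED)
#define _TIF_DEBUG         (1UL << TIF_DEBUG)
#define _TIF_ABI_PENDING   (1UL << TIF_ABI_PENDING)
#define _TIF_IA32          (1UL << TIF_IA32)

struct thread_info { unsigned long flags; };

/* Stand-in for what resched_task() on another CPU does to this thread:
 * an atomic OR into the flags word (set_tsk_need_resched). Hypothetical name. */
static void remote_set_need_resched(struct thread_info *ti)
{
	__atomic_fetch_or(&ti->flags, _TIF_NEED_RESCHED, __ATOMIC_SEQ_CST);
}

/* flush_thread()-style update written as plain C read-modify-write.
 * The compiler and CPU are free to split it into load, modify, store;
 * the split is made explicit here and, when race is true, the remote
 * set_tsk_need_resched lands inside that window. */
static unsigned long nonatomic_flush(struct thread_info *ti, bool race)
{
	unsigned long tmp = ti->flags;                  /* load  */
	if (tmp & _TIF_ABI_PENDING)
		tmp ^= (_TIF_ABI_PENDING | _TIF_IA32);  /* modify */
	tmp &= ~_TIF_DEBUG;                             /* modify */
	if (race)
		remote_set_need_resched(ti);            /* other CPU fires now */
	ti->flags = tmp;                                /* store: clobbers NEED_RESCHED */
	return ti->flags;
}

/* Same update with atomic bit operations, the primitives behind
 * set_thread_flag()/clear_thread_flag()/change_bit(): each RMW is
 * indivisible, so the remote set can land before or after it, never inside. */
static unsigned long atomic_flush(struct thread_info *ti, bool race)
{
	if (__atomic_load_n(&ti->flags, __ATOMIC_SEQ_CST) & _TIF_ABI_PENDING)
		__atomic_fetch_xor(&ti->flags, _TIF_ABI_PENDING | _TIF_IA32,
				   __ATOMIC_SEQ_CST);
	if (race)
		remote_set_need_resched(ti);            /* same interleaving point */
	__atomic_fetch_and(&ti->flags, ~_TIF_DEBUG, __ATOMIC_SEQ_CST);
	return __atomic_load_n(&ti->flags, __ATOMIC_SEQ_CST);
}

/* Returns true if the non-atomic path dropped TIF_NEED_RESCHED. */
static bool need_resched_was_lost(void)
{
	struct thread_info ti = { .flags = _TIF_ABI_PENDING | _TIF_DEBUG };
	unsigned long after = nonatomic_flush(&ti, true);
	return (after & _TIF_NEED_RESCHED) == 0;
}

int main(void)
{
	struct thread_info a = { .flags = _TIF_ABI_PENDING | _TIF_DEBUG };
	struct thread_info b = { .flags = _TIF_ABI_PENDING | _TIF_DEBUG };

	printf("non-atomic flush, racing resched: flags=0x%lx (NEED_RESCHED %s)\n",
	       nonatomic_flush(&a, true),
	       (a.flags & _TIF_NEED_RESCHED) ? "kept" : "LOST");
	printf("atomic flush,     racing resched: flags=0x%lx (NEED_RESCHED %s)\n",
	       atomic_flush(&b, true),
	       (b.flags & _TIF_NEED_RESCHED) ? "kept" : "LOST");
	return 0;
}
```

The lost bit here is exactly the failure mode in the quoted question: the thread returns to user space without the scheduler's wakeup request ever being noticed, which is a silent liveness problem rather than a crash, and so easy to miss in testing. Whether the kernel's own sites are bugs depends on the argument Andrew raises above: the plain update is only safe if nothing else can reach this thread_info while it runs.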
2007-02-26 20:10 Thread flags modified without set_thread_flag() (non atomically) Mathieu Desnoyers
2007-03-01 6:03 ` Andrew Morton [this message]
2007-03-01 6:23 ` David Miller
2007-03-01 8:17 ` Andrew Morton
2007-03-01 9:34 ` Haavard Skinnemoen
2007-03-01 9:45 ` Andrew Morton
2007-03-01 10:14 ` Haavard Skinnemoen
2007-03-01 15:13 ` Haavard Skinnemoen
2007-03-01 19:59 ` Mathieu Desnoyers
2007-03-01 22:41 ` Andrew Morton
2007-03-05 16:30 ` Kyle Moffett
2007-03-05 14:40 ` Andi Kleen
2007-03-05 22:04 ` Andrew Morton
2007-03-06 4:35 ` Mathieu Desnoyers