From: Srivatsa Vaddagiri <vatsa@in.ibm.com>
To: pj@sgi.com, akpm@linux-foundation.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] Fix race between attach_task and cpuset_exit
Date: Sun, 25 Mar 2007 22:17:46 +0530 [thread overview]
Message-ID: <20070325164746.GI11794@in.ibm.com> (raw)
Currently cpuset_exit() changes the exiting task's ->cpuset pointer w/o
taking task_lock(). This can lead to ugly races between attach_task and
cpuset_exit. Details of the races are described at
http://lkml.org/lkml/2007/3/24/132.
Patch below closes those races. It is against 2.6.21-rc4 and has undergone
a simple compile/boot test on a x86_64 box.
Signed-off-by : Srivatsa Vaddagiri <vatsa@in.ibm.com>
---
diff -puN kernel/cpuset.c~cpuset_race_fix kernel/cpuset.c
--- linux-2.6.21-rc4/kernel/cpuset.c~cpuset_race_fix 2007-03-25 21:08:27.000000000 +0530
+++ linux-2.6.21-rc4-vatsa/kernel/cpuset.c 2007-03-25 21:25:05.000000000 +0530
@@ -1182,6 +1182,7 @@ static int attach_task(struct cpuset *cs
pid_t pid;
struct task_struct *tsk;
struct cpuset *oldcs;
+ struct cpuset *oldcs_tobe_released = NULL;
cpumask_t cpus;
nodemask_t from, to;
struct mm_struct *mm;
@@ -1237,6 +1238,8 @@ static int attach_task(struct cpuset *cs
}
atomic_inc(&cs->count);
rcu_assign_pointer(tsk->cpuset, cs);
+ if (atomic_dec_and_test(&oldcs->count))
+ oldcs_tobe_released = oldcs;
task_unlock(tsk);
guarantee_online_cpus(cs, &cpus);
@@ -1257,8 +1260,8 @@ static int attach_task(struct cpuset *cs
put_task_struct(tsk);
synchronize_rcu();
- if (atomic_dec_and_test(&oldcs->count))
- check_for_release(oldcs, ppathbuf);
+ if (oldcs_tobe_released)
+ check_for_release(oldcs_tobe_released, ppathbuf);
return 0;
}
@@ -2200,10 +2203,6 @@ void cpuset_fork(struct task_struct *chi
* it is holding that mutex while calling check_for_release(),
* which calls kmalloc(), so can't be called holding callback_mutex().
*
- * We don't need to task_lock() this reference to tsk->cpuset,
- * because tsk is already marked PF_EXITING, so attach_task() won't
- * mess with it, or task is a failed fork, never visible to attach_task.
- *
* the_top_cpuset_hack:
*
* Set the exiting tasks cpuset to the root cpuset (top_cpuset).
@@ -2242,19 +2241,20 @@ void cpuset_exit(struct task_struct *tsk
{
struct cpuset *cs;
+ task_lock(tsk);
cs = tsk->cpuset;
tsk->cpuset = &top_cpuset; /* the_top_cpuset_hack - see above */
+ atomic_dec(&cs->count);
+ task_unlock(tsk);
if (notify_on_release(cs)) {
char *pathbuf = NULL;
mutex_lock(&manage_mutex);
- if (atomic_dec_and_test(&cs->count))
+ if (!atomic_read(&cs->count))
check_for_release(cs, &pathbuf);
mutex_unlock(&manage_mutex);
cpuset_release_agent(pathbuf);
- } else {
- atomic_dec(&cs->count);
}
}
_
--
Regards,
vatsa
next reply other threads:[~2007-03-25 16:40 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-25 16:47 Srivatsa Vaddagiri [this message]
2007-03-25 17:52 ` [PATCH] Fix race between attach_task and cpuset_exit Balbir Singh
2007-03-25 19:54 ` Paul Jackson
2007-03-26 11:50 ` Srivatsa Vaddagiri
2007-03-26 17:58 ` Paul Jackson
2007-03-27 6:35 ` Srivatsa Vaddagiri
2007-03-27 8:45 ` Paul Jackson
2007-03-26 18:30 ` Paul Jackson
2007-03-25 19:50 ` Paul Jackson
2007-03-26 11:55 ` Srivatsa Vaddagiri
2007-04-05 5:55 ` Paul Menage
2007-04-05 7:00 ` Srivatsa Vaddagiri
2007-04-05 7:01 ` Paul Menage
2007-04-05 8:14 ` Srivatsa Vaddagiri
2007-04-05 8:10 ` Paul Menage
2007-04-10 17:12 ` Srivatsa Vaddagiri
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070325164746.GI11794@in.ibm.com \
--to=vatsa@in.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pj@sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox