From: Bharata B Rao <bharata@linux.vnet.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: Dhaval Giani <dhaval@linux.vnet.ibm.com>,
Balbir Singh <balbir@linux.vnet.ibm.com>,
Li Zefan <lizf@cn.fujitsu.com>, Paul Menage <menage@google.com>,
Ingo Molnar <mingo@elte.hu>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Subject: [PATCH -tip] cpuacct: Make cpuacct hierarchy walk in cpuacct_charge() safe when rcupreempt is used.
Date: Tue, 17 Mar 2009 11:47:54 +0530 [thread overview]
Message-ID: <20090317061754.GD3314@in.ibm.com> (raw)
cpuacct: Make cpuacct hierarchy walk in cpuacct_charge() safe when
rcupreempt is used.
cpuacct_charge() obtains task's ca and does a hierarchy walk upwards.
This can race with the task's movement between cgroups. This race
can cause an access to freed ca pointer in cpuacct_charge(). This will not
happen with rcu or tree rcu as cpuacct_charge() is called with preemption
disabled. However if rcupreempt is used, the race still exists. Thanks to
Li Zefan for explaining this.
Fix this race by explicitly protecting ca and the hierarchy walk with
rcu_read_lock().
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
---
kernel/sched.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -9891,6 +9891,13 @@ static void cpuacct_charge(struct task_s
return;
cpu = task_cpu(tsk);
+
+ /*
+ * preemption is already disabled here, but to be safe with
+ * rcupreempt, take rcu_read_lock(). This protects ca and
+ * hence the hierarchy walk.
+ */
+ rcu_read_lock();
ca = task_ca(tsk);
do {
@@ -9898,6 +9905,7 @@ static void cpuacct_charge(struct task_s
*cpuusage += cputime;
ca = ca->parent;
} while (ca);
+ rcu_read_unlock();
}
struct cgroup_subsys cpuacct_subsys = {
next reply other threads:[~2009-03-17 6:17 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-17 6:17 Bharata B Rao [this message]
2009-03-17 6:28 ` [PATCH -tip] cpuacct: Make cpuacct hierarchy walk in cpuacct_charge() safe when rcupreempt is used Li Zefan
2009-03-17 7:36 ` Bharata B Rao
2009-03-17 13:12 ` Balbir Singh
2009-03-17 13:26 ` Peter Zijlstra
2009-03-17 13:59 ` Balbir Singh
2009-03-17 14:04 ` Peter Zijlstra
2009-03-18 3:25 ` Bharata B Rao
2009-03-18 3:54 ` KAMEZAWA Hiroyuki
2009-03-18 4:48 ` Bharata B Rao
2009-03-18 7:08 ` KAMEZAWA Hiroyuki
2009-03-18 8:05 ` Bharata B Rao
2009-03-17 23:59 ` KAMEZAWA Hiroyuki
2009-03-18 3:18 ` Bharata B Rao
2009-03-18 9:36 ` Balbir Singh
2009-03-19 9:20 ` Peter Zijlstra
2009-03-19 9:43 ` Bharata B Rao
2009-03-17 12:40 ` Balbir Singh
2009-03-18 1:40 ` Li Zefan
2009-03-18 2:59 ` Balbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090317061754.GD3314@in.ibm.com \
--to=bharata@linux.vnet.ibm.com \
--cc=a.p.zijlstra@chello.nl \
--cc=balbir@linux.vnet.ibm.com \
--cc=dhaval@linux.vnet.ibm.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=menage@google.com \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox