From: Frederic Weisbecker <fweisbec@gmail.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
David Rientjes <rientjes@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Mandeep Singh Baines <msb@chromium.org>,
"Ma, Xindong" <xindong.ma@intel.com>,
Michal Hocko <mhocko@suse.cz>, Sameer Nanda <snanda@chromium.org>,
Sergey Dyasly <dserrg@gmail.com>,
"Tu, Xiaobing" <xiaobing.tu@intel.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/4] introduce for_each_thread() to replace the buggy while_each_thread()
Date: Wed, 4 Dec 2013 14:28:29 +0100 [thread overview]
Message-ID: <20131204132828.GC4530@localhost.localdomain> (raw)
In-Reply-To: <20131204130409.GA5998@redhat.com>
On Wed, Dec 04, 2013 at 02:04:09PM +0100, Oleg Nesterov wrote:
> while_each_thread() and next_thread() should die, almost every
> lockless usage is wrong.
>
> 1. Unless g == current, the lockless while_each_thread() is not safe.
>
> while_each_thread(g, t) can loop forever if g exits, next_thread()
> can't reach the unhashed thread in this case. Note that this can
> happen even if g is the group leader, it can exec.
>
> 2. Even if while_each_thread() itself was correct, people often use
> it wrongly.
>
> It was never safe to just take rcu_read_lock() and loop unless
> you verify that pid_alive(g) == T, even the first next_thread()
> can point to the already freed/reused memory.
>
> This patch adds signal_struct->thread_head and task->thread_node
> to create the normal rcu-safe list with the stable head. The new
> for_each_thread(g, t) helper is always safe under rcu_read_lock()
> as long as this task_struct can't go away.
Thanks, it looks indeed much saner to put the head in the signal struct!
>
> Note: of course it is ugly to have both task_struct->thread_node
> and the old task_struct->thread_group, we will kill it later, after
> we change the users of while_each_thread() to use for_each_thread().
>
> Perhaps we can kill it even before we convert all users, we can
> reimplement next_thread(t) using the new thread_head/thread_node.
> But we can't do this right now because this will lead to subtle
> behavioural changes. For example, do/while_each_thread() always
> sees at least one task, while for_each_thread() can do nothing if
> the whole thread group has died.
Would it be safe to have for_each_thread_continue() instead?
> Or thread_group_empty(), currently
> its semantics is not clear unless thread_group_leader(p) and we
> need to audit the callers before we can change it.
>
> So this patch adds the new interface which has to coexist with the
> old one for some time, hopefully the next changes will be more or
> less straightforward and the old one will go away soon.
>
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
> Reviewed-and-Tested-by: Sergey Dyasly <dserrg@gmail.com>
> Reviewed-by: Sameer Nanda <snanda@chromium.org>
> ---
Yeah if the conversion needs careful audit, it makes sense to switch incrementally.
next prev parent reply other threads:[~2013-12-04 13:28 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-04 13:03 [PATCH v2 0/4] initial while_each_thread() fixes Oleg Nesterov
2013-12-04 13:04 ` [PATCH v2 1/4] introduce for_each_thread() to replace the buggy while_each_thread() Oleg Nesterov
2013-12-04 13:28 ` Frederic Weisbecker [this message]
2013-12-04 13:49 ` Oleg Nesterov
2013-12-04 14:17 ` Frederic Weisbecker
2013-12-04 15:27 ` Oleg Nesterov
2013-12-05 0:58 ` David Rientjes
2013-12-05 18:16 ` Oleg Nesterov
2013-12-05 23:23 ` David Rientjes
2013-12-04 13:04 ` [PATCH v2 2/4] oom_kill: change oom_kill.c to use for_each_thread() Oleg Nesterov
2013-12-04 15:37 ` Michal Hocko
2013-12-05 0:39 ` David Rientjes
2013-12-04 13:04 ` [PATCH v2 3/4] oom_kill: has_intersects_mems_allowed() needs rcu_read_lock() Oleg Nesterov
2013-12-04 15:37 ` Michal Hocko
2013-12-05 0:41 ` David Rientjes
2013-12-04 13:04 ` [PATCH v2 4/4] oom_kill: add rcu_read_lock() into find_lock_task_mm() Oleg Nesterov
2013-12-04 15:40 ` Michal Hocko
2013-12-05 0:42 ` David Rientjes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131204132828.GC4530@localhost.localdomain \
--to=fweisbec@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=dserrg@gmail.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.cz \
--cc=msb@chromium.org \
--cc=oleg@redhat.com \
--cc=rientjes@google.com \
--cc=snanda@chromium.org \
--cc=xiaobing.tu@intel.com \
--cc=xindong.ma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox