From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk, Mike Galbraith <efault@gmx.de>,
Ingo Molnar <mingo@kernel.org>,
Yong Zhang <yong.zhang0@gmail.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [ 17/27] Revert "sched, autogroup: Stop going ahead if autogroup is disabled"
Date: Thu, 6 Dec 2012 16:59:01 -0800 [thread overview]
Message-ID: <20121207005830.838566702@linuxfoundation.org> (raw)
In-Reply-To: <20121207005825.232489605@linuxfoundation.org>
3.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Galbraith <efault@gmx.de>
commit fd8ef11730f1d03d5d6555aa53126e9e34f52f12 upstream.
This reverts commit 800d4d30c8f20bd728e5741a3b77c4859a613f7c.
Between commits 8323f26ce342 ("sched: Fix race in task_group()") and
800d4d30c8f2 ("sched, autogroup: Stop going ahead if autogroup is
disabled"), autogroup is a wreck.
With both applied, all you have to do to crash a box is disable
autogroup during boot up, then reboot.. boom, NULL pointer dereference
due to commit 800d4d30c8f2 not allowing autogroup to move things, and
commit 8323f26ce342 making that the only way to switch runqueues:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff81063ac0>] effective_load.isra.43+0x50/0x90
Pid: 7047, comm: systemd-user-se Not tainted 3.6.8-smp #7 MEDIONPC MS-7502/MS-7502
RIP: effective_load.isra.43+0x50/0x90
Process systemd-user-se (pid: 7047, threadinfo ffff880221dde000, task ffff88022618b3a0)
Call Trace:
select_task_rq_fair+0x255/0x780
try_to_wake_up+0x156/0x2c0
wake_up_state+0xb/0x10
signal_wake_up+0x28/0x40
complete_signal+0x1d6/0x250
__send_signal+0x170/0x310
send_signal+0x40/0x80
do_send_sig_info+0x47/0x90
group_send_sig_info+0x4a/0x70
kill_pid_info+0x3a/0x60
sys_kill+0x97/0x1a0
? vfs_read+0x120/0x160
? sys_read+0x45/0x90
system_call_fastpath+0x16/0x1b
Code: 49 0f af 41 50 31 d2 49 f7 f0 48 83 f8 01 48 0f 46 c6 48 2b 07 48 8b bf 40 01 00 00 48 85 ff 74 3a 45 31 c0 48 8b 8f 50 01 00 00 <48> 8b 11 4c 8b 89 80 00 00 00 49 89 d2 48 01 d0 45 8b 59 58 4c
RIP [<ffffffff81063ac0>] effective_load.isra.43+0x50/0x90
RSP <ffff880221ddfbd8>
CR2: 0000000000000000
Signed-off-by: Mike Galbraith <efault@gmx.de>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Yong Zhang <yong.zhang0@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/auto_group.c | 4 ----
kernel/sched/auto_group.h | 5 -----
2 files changed, 9 deletions(-)
--- a/kernel/sched/auto_group.c
+++ b/kernel/sched/auto_group.c
@@ -143,15 +143,11 @@ autogroup_move_group(struct task_struct
p->signal->autogroup = autogroup_kref_get(ag);
- if (!ACCESS_ONCE(sysctl_sched_autogroup_enabled))
- goto out;
-
t = p;
do {
sched_move_task(t);
} while_each_thread(p, t);
-out:
unlock_task_sighand(p, &flags);
autogroup_kref_put(prev);
}
--- a/kernel/sched/auto_group.h
+++ b/kernel/sched/auto_group.h
@@ -4,11 +4,6 @@
#include <linux/rwsem.h>
struct autogroup {
- /*
- * reference doesn't mean how many thread attach to this
- * autogroup now. It just stands for the number of task
- * could use this autogroup.
- */
struct kref kref;
struct task_group *tg;
struct rw_semaphore lock;
next prev parent reply other threads:[~2012-12-07 0:59 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-07 0:58 [ 00/27] 3.6.10-stable review Greg Kroah-Hartman
2012-12-07 0:58 ` [ 01/27] Dove: Attempt to fix PMU/RTC interrupts Greg Kroah-Hartman
2012-12-07 0:58 ` [ 02/27] Dove: Fix irq_to_pmu() Greg Kroah-Hartman
2012-12-07 0:58 ` [ 03/27] drm/radeon/dce4+: dont use radeon_crtc for vblank callback Greg Kroah-Hartman
2012-12-07 0:58 ` [ 04/27] drm/radeon: properly handle mc_stop/mc_resume on evergreen+ (v2) Greg Kroah-Hartman
2012-12-07 0:58 ` [ 05/27] drm/radeon: properly track the crtc not_enabled case evergreen_mc_stop() Greg Kroah-Hartman
2012-12-07 0:58 ` [ 06/27] mm/vmemmap: fix wrong use of virt_to_page Greg Kroah-Hartman
2012-12-07 0:58 ` [ 07/27] mm: vmscan: fix endless loop in kswapd balancing Greg Kroah-Hartman
2012-12-07 0:58 ` [ 08/27] mm: soft offline: split thp at the beginning of soft_offline_page() Greg Kroah-Hartman
2012-12-07 0:58 ` [ 09/27] target: Fix handling of aborted commands Greg Kroah-Hartman
2012-12-07 0:58 ` [ 10/27] iwlwifi: fix the basic CCK rates calculation Greg Kroah-Hartman
2012-12-07 0:58 ` [ 11/27] ARM: Kirkwood: Update PCI-E fixup Greg Kroah-Hartman
2012-12-07 0:58 ` [ 12/27] x86, fpu: Avoid FPU lazy restore after suspend Greg Kroah-Hartman
2012-12-07 0:58 ` [ 13/27] workqueue: exit rescuer_thread() as TASK_RUNNING Greg Kroah-Hartman
2012-12-07 0:58 ` [ 14/27] mac80211: fix remain-on-channel (non-)cancelling Greg Kroah-Hartman
2012-12-07 0:58 ` [ 15/27] md/raid1{,0}: fix deadlock in bitmap_unplug Greg Kroah-Hartman
2012-12-07 0:59 ` [ 16/27] i7300_edac: Fix error flag testing Greg Kroah-Hartman
2012-12-07 0:59 ` Greg Kroah-Hartman [this message]
2012-12-07 17:22 ` [ 17/27] Revert "sched, autogroup: Stop going ahead if autogroup is disabled" Joseph Salisbury
2012-12-07 17:30 ` Joseph Salisbury
2012-12-09 23:41 ` Ben Hutchings
2012-12-07 17:31 ` Greg Kroah-Hartman
2012-12-07 17:43 ` Joseph Salisbury
2012-12-07 0:59 ` [ 18/27] bnx2x: remove redundant warning log Greg Kroah-Hartman
2012-12-07 0:59 ` [ 19/27] i7core_edac: fix panic when accessing sysfs files Greg Kroah-Hartman
2012-12-07 0:59 ` [ 20/27] s390/mm: have 16 byte aligned struct pages Greg Kroah-Hartman
2012-12-07 10:00 ` Heiko Carstens
2012-12-07 15:07 ` Greg Kroah-Hartman
2012-12-07 0:59 ` [ 21/27] net: qmi_wwan: adding more ZTE devices Greg Kroah-Hartman
2012-12-07 0:59 ` [ 22/27] net: qmi_wwan: add Huawei E173 Greg Kroah-Hartman
2012-12-07 0:59 ` [ 23/27] ACPI: missing break Greg Kroah-Hartman
2012-12-07 0:59 ` [ 24/27] i915: Quirk no_lvds on Gigabyte GA-D525TUD ITX motherboard Greg Kroah-Hartman
2012-12-07 4:36 ` Calvin Walton
2012-12-07 16:37 ` Greg Kroah-Hartman
2012-12-07 0:59 ` [ 25/27] drm/i915: Add no-lvds quirk for Supermicro X7SPA-H Greg Kroah-Hartman
2012-12-07 0:59 ` [ 26/27] x86, amd: Disable way access filter on Piledriver CPUs Greg Kroah-Hartman
2012-12-07 0:59 ` [ 27/27] 8139cp: revert "set ring address before enabling receiver" Greg Kroah-Hartman
2012-12-07 13:36 ` [ 00/27] 3.6.10-stable review Holger Hoffstaette
2012-12-08 0:46 ` Shuah Khan
2012-12-08 0:58 ` Shuah Khan
2012-12-08 5:40 ` satoru takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121207005830.838566702@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=a.p.zijlstra@chello.nl \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=efault@gmx.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=yong.zhang0@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).