From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, "Gu Zheng" <guz.fnst@cn.fujitsu.com>,
"Li Zefan" <lizefan@huawei.com>, "Tejun Heo" <tj@kernel.org>
Subject: [PATCH 3.2 14/94] cpuset,mempolicy: fix sleeping function called from invalid context
Date: Mon, 04 Aug 2014 17:48:31 +0100 [thread overview]
Message-ID: <lsq.1407170911.30839747@decadent.org.uk> (raw)
In-Reply-To: <lsq.1407170911.107020799@decadent.org.uk>
3.2.62-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Gu Zheng <guz.fnst@cn.fujitsu.com>
commit 391acf970d21219a2a5446282d3b20eace0c0d7a upstream.
When runing with the kernel(3.15-rc7+), the follow bug occurs:
[ 9969.258987] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:586
[ 9969.359906] in_atomic(): 1, irqs_disabled(): 0, pid: 160655, name: python
[ 9969.441175] INFO: lockdep is turned off.
[ 9969.488184] CPU: 26 PID: 160655 Comm: python Tainted: G A 3.15.0-rc7+ #85
[ 9969.581032] Hardware name: FUJITSU-SV PRIMEQUEST 1800E/SB, BIOS PRIMEQUEST 1000 Series BIOS Version 1.39 11/16/2012
[ 9969.706052] ffffffff81a20e60 ffff8803e941fbd0 ffffffff8162f523 ffff8803e941fd18
[ 9969.795323] ffff8803e941fbe0 ffffffff8109995a ffff8803e941fc58 ffffffff81633e6c
[ 9969.884710] ffffffff811ba5dc ffff880405c6b480 ffff88041fdd90a0 0000000000002000
[ 9969.974071] Call Trace:
[ 9970.003403] [<ffffffff8162f523>] dump_stack+0x4d/0x66
[ 9970.065074] [<ffffffff8109995a>] __might_sleep+0xfa/0x130
[ 9970.130743] [<ffffffff81633e6c>] mutex_lock_nested+0x3c/0x4f0
[ 9970.200638] [<ffffffff811ba5dc>] ? kmem_cache_alloc+0x1bc/0x210
[ 9970.272610] [<ffffffff81105807>] cpuset_mems_allowed+0x27/0x140
[ 9970.344584] [<ffffffff811b1303>] ? __mpol_dup+0x63/0x150
[ 9970.409282] [<ffffffff811b1385>] __mpol_dup+0xe5/0x150
[ 9970.471897] [<ffffffff811b1303>] ? __mpol_dup+0x63/0x150
[ 9970.536585] [<ffffffff81068c86>] ? copy_process.part.23+0x606/0x1d40
[ 9970.613763] [<ffffffff810bf28d>] ? trace_hardirqs_on+0xd/0x10
[ 9970.683660] [<ffffffff810ddddf>] ? monotonic_to_bootbased+0x2f/0x50
[ 9970.759795] [<ffffffff81068cf0>] copy_process.part.23+0x670/0x1d40
[ 9970.834885] [<ffffffff8106a598>] do_fork+0xd8/0x380
[ 9970.894375] [<ffffffff81110e4c>] ? __audit_syscall_entry+0x9c/0xf0
[ 9970.969470] [<ffffffff8106a8c6>] SyS_clone+0x16/0x20
[ 9971.030011] [<ffffffff81642009>] stub_clone+0x69/0x90
[ 9971.091573] [<ffffffff81641c29>] ? system_call_fastpath+0x16/0x1b
The cause is that cpuset_mems_allowed() try to take
mutex_lock(&callback_mutex) under the rcu_read_lock(which was hold in
__mpol_dup()). And in cpuset_mems_allowed(), the access to cpuset is
under rcu_read_lock, so in __mpol_dup, we can reduce the rcu_read_lock
protection region to protect the access to cpuset only in
current_cpuset_is_being_rebound(). So that we can avoid this bug.
This patch is a temporary solution that just addresses the bug
mentioned above, can not fix the long-standing issue about cpuset.mems
rebinding on fork():
"When the forker's task_struct is duplicated (which includes
->mems_allowed) and it races with an update to cpuset_being_rebound
in update_tasks_nodemask() then the task's mems_allowed doesn't get
updated. And the child task's mems_allowed can be wrong if the
cpuset's nodemask changes before the child has been added to the
cgroup's tasklist."
Signed-off-by: Gu Zheng <guz.fnst@cn.fujitsu.com>
Acked-by: Li Zefan <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
kernel/cpuset.c | 8 +++++++-
mm/mempolicy.c | 2 --
2 files changed, 7 insertions(+), 3 deletions(-)
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1152,7 +1152,13 @@ done:
int current_cpuset_is_being_rebound(void)
{
- return task_cs(current) == cpuset_being_rebound;
+ int ret;
+
+ rcu_read_lock();
+ ret = task_cs(current) == cpuset_being_rebound;
+ rcu_read_unlock();
+
+ return ret;
}
static int update_relax_domain_level(struct cpuset *cs, s64 val)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1983,7 +1983,6 @@ struct mempolicy *__mpol_dup(struct memp
} else
*new = *old;
- rcu_read_lock();
if (current_cpuset_is_being_rebound()) {
nodemask_t mems = cpuset_mems_allowed(current);
if (new->flags & MPOL_F_REBINDING)
@@ -1991,7 +1990,6 @@ struct mempolicy *__mpol_dup(struct memp
else
mpol_rebind_policy(new, &mems, MPOL_REBIND_ONCE);
}
- rcu_read_unlock();
atomic_set(&new->refcnt, 1);
return new;
}
next prev parent reply other threads:[~2014-08-04 16:48 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-04 16:48 [PATCH 3.2 00/94] 3.2.62-rc1 review Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 22/94] iwlwifi: dvm: don't enable CTS to self Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 13/94] ibmvscsi: Add memory barriers for send / receive Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 12/94] ibmvscsi: Abort init sequence during error recovery Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 16/94] nfsd: fix rare symlink decoding bug Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 02/94] Revert "net: ip, ipv6: handle gso skbs in forwarding path" Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 17/94] tools: ffs-test: fix header values endianess Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 03/94] ARM: OMAP2+: Fix parser-bug in platform muxing code Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 05/94] KVM: x86: preserve the high 32-bits of the PAT register Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 23/94] drm/vmwgfx: Fix incorrect write to read-only register v2: Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 21/94] xen/manage: fix potential deadlock when resuming the console Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 26/94] ext4: clarify error count warning messages Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 11/94] xhci: Fix runtime suspended xhci from blocking system suspend Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 20/94] md: flush writes before starting a recovery Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 15/94] mwifiex: fix Tx timeout issue Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 10/94] xhci: clear root port wake on bits if controller isn't wake-up capable Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 18/94] usb-storage/SCSI: Add broken_fua blacklist flag Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 19/94] perf/x86/intel: ignore CondChgd bit to avoid false NMI handling Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 04/94] KVM: x86: Increase the number of fixed MTRR regs to 10 Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 01/94] Revert "net: ipv4: ip_forward: fix inverted local_df test" Ben Hutchings
2014-08-04 16:48 ` Ben Hutchings [this message]
2014-08-04 16:48 ` [PATCH 3.2 06/94] usb: gadget: f_fs: fix NULL pointer dereference when there are no strings Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 07/94] USB: ftdi_sio: fix null deref at port probe Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 24/94] hwmon: (amc6821) Fix permissions for temp2_input Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 08/94] usb: option: add/modify Olivetti Olicard modems Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 25/94] hwmon: (adm1029) Ensure the fan_div cache is updated in set_fan_div Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 09/94] xhci: correct burst count field for isoc transfers on 1.0 xhci hosts Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 66/94] s390/ptrace: fix PSW mask check Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 70/94] shmem: fix faulting into a hole while it's punched Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 67/94] netfilter: ipt_ULOG: fix info leaks Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 75/94] Score: The commit is for compiling successfully. The modifications include: 1. Kconfig of Score: we don't support ioremap 2. Missed headfile including 3. There are some errors in other people's commit not checked by us, we fix it now 3.1 arch/score/kernel/entry.S: wrong instructions 3.2 arch/score/kernel/process.c : just some typos Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 52/94] hwmon: (adt7470) Fix writes to temperature limit registers Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 28/94] USB: cp210x: add support for Corsair usb dongle Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 44/94] igb: do a reset on SR-IOV re-init if device is down Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 88/94] ceph: fix overflow check in build_snap_context() Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 41/94] hwmon: (emc2103) Clamp limits instead of bailing out Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 46/94] drm/radeon/dp: return -EIO for flags not zero case Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 72/94] shmem: fix splicing from a hole while it's punched Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 42/94] alarmtimer: Fix bug where relative alarm timers were treated as absolute Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 39/94] fuse: timeout comparison fix Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 56/94] 8021q: fix a potential memory leak Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 85/94] mm: hugetlb: fix copy_hugetlb_page_range() Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 51/94] locking/mutex: Disable optimistic spinning on some architectures Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 37/94] ACPI / battery: Retry to get battery information if failed during probing Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 68/94] xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 30/94] ACPI / EC: Add more debug info and trivial code cleanup Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 59/94] net: sctp: fix information leaks in ulpevent layer Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 77/94] alpha: add io{read,write}{16,32}be functions Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 80/94] applicom: dereferencing NULL on error path Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 27/94] ext4: disable synchronous transaction batching if max_batch_time==0 Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 38/94] hwmon: (adm1031) Fix writes to limit registers Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 84/94] crypto: testmgr - update LZO compression test vectors Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 47/94] net/l2tp: don't fall back on UDP [get|set]sockopt Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 92/94] libata: introduce ata_host->n_tags to avoid oops on SAS controllers Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 58/94] appletalk: Fix socket referencing in skb Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 50/94] sched: Fix possible divide by zero in avg_atom() calculation Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 40/94] fuse: handle large user and group ID Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 36/94] ACPI / EC: Fix race condition in ec_transaction_completed() Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 29/94] usb: option: Add ID for Telewell TW-LTE 4G v2 Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 61/94] dns_resolver: assure that dns_query() result is null-terminated Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 76/94] score: Add missing #include <linux/export.h> Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 31/94] ACPI / EC: Ensure lock is acquired before accessing ec struct members Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 94/94] iommu/vt-d: Disable translation if already enabled Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 48/94] ring-buffer: Fix polling on trace_pipe Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 62/94] dns_resolver: Null-terminate the right string Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 90/94] mm: kmemleak: avoid false negatives on vmalloc'ed objects Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 93/94] x86_32, entry: Store badsys error code in %eax Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 57/94] igmp: fix the problem when mc leave group Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 49/94] include/linux/math64.h: add div64_ul() Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 43/94] USB: ftdi_sio: Add extra PID Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 63/94] ipv4: fix buffer overflow in ip_options_compile() Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 86/94] ARM: 7668/1: fix memset-related crashes caused by recent GCC (4.7.2) optimizations Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 79/94] x86-32, espfix: Remove filter for espfix32 due to race Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 82/94] x86, ioremap: Speed up check for RAM pages Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 65/94] nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 53/94] drm/radeon: avoid leaking edid data Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 45/94] dm io: fix a race condition in the wake up code for sync_io Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 73/94] unicore32: add ioremap_nocache definition Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 87/94] ARM: 7670/1: fix the memset fix Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 91/94] libata: support the ata host which implements a queue depth less than 32 Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 35/94] ACPI / EC: Remove duplicated ec_wait_ibf0() waiter Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 33/94] ACPI / EC: Don't count a SCI interrupt as a false one Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 32/94] ACPI / EC: Avoid race condition related to advance_transaction() Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 69/94] xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 54/94] usb: Check if port status is equal to RxDetect Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 81/94] sym53c8xx_2: Set DID_REQUEUE return code when aborting squeue Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 60/94] sunvnet: clean up objects created in vnet_new() on vnet_exit() Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 71/94] shmem: fix faulting into a hole, not taking i_mutex Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 74/94] unicore32: select generic atomic64_t support Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 55/94] tcp: fix tcp_match_skb_to_sack() for unaligned SACK at end of an skb Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 64/94] rtnetlink: fix userspace API breakage for iproute2 < v3.9.0 Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 78/94] score: normalize global variables exported by vmlinux.lds Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 34/94] ACPI / EC: Add asynchronous command byte write support Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 89/94] introduce SIZE_MAX Ben Hutchings
2014-08-04 16:48 ` [PATCH 3.2 83/94] ipvs: stop tot_stats estimator only under CONFIG_SYSCTL Ben Hutchings
2014-08-04 17:21 ` [PATCH 3.2 00/94] 3.2.62-rc1 review Ben Hutchings
2014-08-04 17:55 ` Guenter Roeck
2014-08-04 19:49 ` Ben Hutchings
2014-08-04 20:45 ` Guenter Roeck
2014-09-11 1:28 ` Ben Hutchings
2014-08-06 13:25 ` Satoru Takeuchi
2014-08-06 17:06 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1407170911.30839747@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=guz.fnst@cn.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox