On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
> Shouldn't we just put a task_lock()/task_unlock() around these lines
> and leave everything else as-is?
>
> task_lock(tsk);
> cs = tsk->cpuset;
> tsk->cpuset = _cpuset; /* the_top_cpuset_hack - see above */
>
On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
Shouldn't we just put a task_lock()/task_unlock() around these lines
and leave everything else as-is?
task_lock(tsk);
cs = tsk-cpuset;
tsk-cpuset = top_cpuset; /* the_top_cpuset_hack - see above */
On Thu, Apr 05, 2007 at 12:01:53AM -0700, Paul Menage wrote:
> I don't see how that could happen. Assuming we add the
> task_lock()/task_unlock() in cpuset_exit(), then only one of the two
> threads (either cpuset_exit() or attach_task() ) can copy C1 from
> T1->cpuset and replace it with
On 4/5/07, Srivatsa Vaddagiri <[EMAIL PROTECTED]> wrote:
Hmm yes ..I am surprised we arent doing a synhronize_rcu in
cpuset_rmdir() before dropping the dentry. Did you want to send a patch
for that?
Currently cpuset_exit() isn't in a rcu section so it wouldn't help.
But this ceases to be a
On 4/5/07, Srivatsa Vaddagiri <[EMAIL PROTECTED]> wrote:
On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
> >@@ -1257,8 +1260,8 @@ static int attach_task(struct cpuset *cs
> >
> >put_task_struct(tsk);
> >synchronize_rcu();
> >- if (atomic_dec_and_test(>count))
>
On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
> >@@ -1257,8 +1260,8 @@ static int attach_task(struct cpuset *cs
> >
> >put_task_struct(tsk);
> >synchronize_rcu();
> >- if (atomic_dec_and_test(>count))
> >- check_for_release(oldcs, ppathbuf);
> >+
On 3/26/07, Srivatsa Vaddagiri <[EMAIL PROTECTED]> wrote:
On Sun, Mar 25, 2007 at 12:50:25PM -0700, Paul Jackson wrote:
> Is there perhaps another race here?
Yes, we have!
Modified patch below. Compile/boot tested on a x86_64 box.
Currently cpuset_exit() changes the exiting task's ->cpuset
On 3/26/07, Srivatsa Vaddagiri [EMAIL PROTECTED] wrote:
On Sun, Mar 25, 2007 at 12:50:25PM -0700, Paul Jackson wrote:
Is there perhaps another race here?
Yes, we have!
Modified patch below. Compile/boot tested on a x86_64 box.
Currently cpuset_exit() changes the exiting task's -cpuset
On 4/5/07, Srivatsa Vaddagiri [EMAIL PROTECTED] wrote:
On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
@@ -1257,8 +1260,8 @@ static int attach_task(struct cpuset *cs
put_task_struct(tsk);
synchronize_rcu();
- if (atomic_dec_and_test(oldcs-count))
-
On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
@@ -1257,8 +1260,8 @@ static int attach_task(struct cpuset *cs
put_task_struct(tsk);
synchronize_rcu();
- if (atomic_dec_and_test(oldcs-count))
- check_for_release(oldcs, ppathbuf);
+ if
On Thu, Apr 05, 2007 at 12:01:53AM -0700, Paul Menage wrote:
I don't see how that could happen. Assuming we add the
task_lock()/task_unlock() in cpuset_exit(), then only one of the two
threads (either cpuset_exit() or attach_task() ) can copy C1 from
T1-cpuset and replace it with something
On 4/5/07, Srivatsa Vaddagiri [EMAIL PROTECTED] wrote:
Hmm yes ..I am surprised we arent doing a synhronize_rcu in
cpuset_rmdir() before dropping the dentry. Did you want to send a patch
for that?
Currently cpuset_exit() isn't in a rcu section so it wouldn't help.
But this ceases to be a
> Yes, but the cpuset is not made invisible to userspace (in filesystem)
> yet. So as cpuset_exit() discovers that cpuset B has zero refcount now
> and blocks on mutex_lock(_mutex) [ to do a check_for_release
> later ], someone could have done a attach_task to that cpuset.
Agreed.
--
Yes, but the cpuset is not made invisible to userspace (in filesystem)
yet. So as cpuset_exit() discovers that cpuset B has zero refcount now
and blocks on mutex_lock(manage_mutex) [ to do a check_for_release
later ], someone could have done a attach_task to that cpuset.
Agreed.
--
Quoting Paul Jackson <[EMAIL PROTECTED]>:
vatsa wrote:
Well, someone may have attached to this cpuset while we were waiting on the
mutex_lock(). So we need to do a atomic_read again to ensure it is still
unused.
I don't see how this could happen. If we hold the task lock that now
(thanks to
vatsa wrote:
> Well, someone may have attached to this cpuset while we were waiting on the
> mutex_lock(). So we need to do a atomic_read again to ensure it is still
> unused
pj replied:
> If we hold the task lock that now
> (thanks to your good work) guards this pointer, and if we decrement to
vatsa wrote:
> Well, someone may have attached to this cpuset while we were waiting on the
> mutex_lock(). So we need to do a atomic_read again to ensure it is still
> unused.
I don't see how this could happen. If we hold the task lock that now
(thanks to your good work) guards this pointer,
On Sun, Mar 25, 2007 at 12:50:25PM -0700, Paul Jackson wrote:
> Is there perhaps another race here?
Yes, we have!
Modified patch below. Compile/boot tested on a x86_64 box.
Currently cpuset_exit() changes the exiting task's ->cpuset pointer w/o
taking task_lock(). This can lead to ugly races
On Sun, Mar 25, 2007 at 11:22:15PM +0530, Balbir Singh wrote:
> >+struct cpuset *oldcs_tobe_released = NULL;
>
> How about oldcs_to_be_released?
Yes, I wanted to use that, but my typo I guess.
> >@@ -2242,19 +2241,20 @@ void cpuset_exit(struct task_struct *tsk
> > {
> > struct cpuset
On Sun, Mar 25, 2007 at 11:22:15PM +0530, Balbir Singh wrote:
+struct cpuset *oldcs_tobe_released = NULL;
How about oldcs_to_be_released?
Yes, I wanted to use that, but my typo I guess.
@@ -2242,19 +2241,20 @@ void cpuset_exit(struct task_struct *tsk
{
struct cpuset *cs;
+
On Sun, Mar 25, 2007 at 12:50:25PM -0700, Paul Jackson wrote:
Is there perhaps another race here?
Yes, we have!
Modified patch below. Compile/boot tested on a x86_64 box.
Currently cpuset_exit() changes the exiting task's -cpuset pointer w/o
taking task_lock(). This can lead to ugly races
vatsa wrote:
Well, someone may have attached to this cpuset while we were waiting on the
mutex_lock(). So we need to do a atomic_read again to ensure it is still
unused.
I don't see how this could happen. If we hold the task lock that now
(thanks to your good work) guards this pointer, and
vatsa wrote:
Well, someone may have attached to this cpuset while we were waiting on the
mutex_lock(). So we need to do a atomic_read again to ensure it is still
unused
pj replied:
If we hold the task lock that now
(thanks to your good work) guards this pointer, and if we decrement to
zero
Quoting Paul Jackson [EMAIL PROTECTED]:
vatsa wrote:
Well, someone may have attached to this cpuset while we were waiting on the
mutex_lock(). So we need to do a atomic_read again to ensure it is still
unused.
I don't see how this could happen. If we hold the task lock that now
(thanks to
> How about using a local variable like ref_count and using
>
> ref_count = atomic_dec_and_test(>count); This will avoid the two
> atomic operations, atomic_dec() and atomic_read() below.
This would also seem to address the race I just noticed in my previous
reply.
Though I would suggest that
> + task_lock(tsk);
> cs = tsk->cpuset;
> tsk->cpuset = _cpuset; /* the_top_cpuset_hack - see above */
> + atomic_dec(>count);
> + task_unlock(tsk);
>
> if (notify_on_release(cs)) {
> char *pathbuf = NULL;
>
> mutex_lock(_mutex);
>
Hi, Vatsa,
Srivatsa Vaddagiri wrote:
diff -puN kernel/cpuset.c~cpuset_race_fix kernel/cpuset.c
--- linux-2.6.21-rc4/kernel/cpuset.c~cpuset_race_fix2007-03-25
21:08:27.0 +0530
+++ linux-2.6.21-rc4-vatsa/kernel/cpuset.c 2007-03-25 21:25:05.0
+0530
@@ -1182,6 +1182,7 @@
Currently cpuset_exit() changes the exiting task's ->cpuset pointer w/o
taking task_lock(). This can lead to ugly races between attach_task and
cpuset_exit. Details of the races are described at
http://lkml.org/lkml/2007/3/24/132.
Patch below closes those races. It is against 2.6.21-rc4 and has
Currently cpuset_exit() changes the exiting task's -cpuset pointer w/o
taking task_lock(). This can lead to ugly races between attach_task and
cpuset_exit. Details of the races are described at
http://lkml.org/lkml/2007/3/24/132.
Patch below closes those races. It is against 2.6.21-rc4 and has
Hi, Vatsa,
Srivatsa Vaddagiri wrote:
diff -puN kernel/cpuset.c~cpuset_race_fix kernel/cpuset.c
--- linux-2.6.21-rc4/kernel/cpuset.c~cpuset_race_fix2007-03-25
21:08:27.0 +0530
+++ linux-2.6.21-rc4-vatsa/kernel/cpuset.c 2007-03-25 21:25:05.0
+0530
@@ -1182,6 +1182,7 @@
+ task_lock(tsk);
cs = tsk-cpuset;
tsk-cpuset = top_cpuset; /* the_top_cpuset_hack - see above */
+ atomic_dec(cs-count);
+ task_unlock(tsk);
if (notify_on_release(cs)) {
char *pathbuf = NULL;
mutex_lock(manage_mutex);
-
How about using a local variable like ref_count and using
ref_count = atomic_dec_and_test(cs-count); This will avoid the two
atomic operations, atomic_dec() and atomic_read() below.
This would also seem to address the race I just noticed in my previous
reply.
Though I would suggest that we
32 matches
Mail list logo
