Hi Bruce,
As we discussed before, these patch series intended to fix a potential
kernel crash, which is due to a invalid mm context from worker_create,
and it is introduced by efb5fea2, which is a continuation of efforts
trying to optimize find_vma(), avoiding potentially expensive rbtree
walks to locate a vma upon faults, and the following is the crash point:
CPU: 4 PID: 26 Comm: kworker/��#< Not tainted 3.14.22-WR7.0.0.0_standard #1
task: ffffffc03dd8cd00 ti: ffffffc03ddcc000 task.ti: ffffffc03ddcc000
PC is at 0x3c3e4402
LR is at 0x800000003c3e4402
pc : [<000000003c3e4402>] lr : [<800000003c3e4402>] pstate: 600001c5
sp : ffffffc03ddcfbf0
x29: ffffffc03ddcfbf0 x28: ffffffc000692128
x27: 0000000000000000 x26: ffffffc000a79000
x25: ffffffc00095c0d8 x24: ffffffc00092bcc0
x23: 800000003c23a202 x22: ffffffc03ddcc000
x21: ffffffc03dd8cd00 x20: ffffffc03dd8cd00
x19: ffffffc03dce9600 x18: 0000000000000000
x17: 0000007f86f1b180 x16: 0000000000000000
x15: 0000000000000000 x14: 0000000000000c00
x13: ffffffc039e8b580 x12: ffffffc00081b050
x11: 0000000000000400 x10: ffffffc000000000
x9 : ffffffc03ddcfbf0 x8 : ffffffc03dd8d240
x7 : 0000000000080068 x6 : 0000000000000007
x5 : ffffffc03c159678 x4 : 0000000000000001
x3 : 0000000000000002 x2 : ffffffc03aae0c00
x1 : ffffffc03dd8cd00 x0 : ffffffc03c159600
Process kworker/��#< (pid: 26, stack limit = 0xffffffc03ddcc058)
Stack: (0xffffffc03ddcfbf0 to 0xffffffc03ddd0000)
fbe0: 3ddcfc10 ffffffc0 00691cc0 ffffffc0
fc00: 3ff5dcc0 ffffffc0 3dce9600 ffffffc0 3ddcfdb0 ffffffc0 00692128 ffffffc0
fc20: 3dc70080 ffffffc0 3dc700b0 ffffffc0 3ff5d918 ffffffc0 3ff5d900 ffffffc0
fc40: 3ddcc000 ffffffc0 fffffef7 00000000 009b4b33 ffffffc0 00808158 ffffffc0
fc60: 00000001 00000000 00000000 00000000 00809940 ffffffc0 009b4b71 ffffffc0
fc80: 0092bcc0 ffffffc0 3dce9600 ffffffc0 3dc5c240 ffffffc0 009c0f48 ffffffc0
fca0: 00804e48 ffffffc0 3dc70080 ffffffc0 000b069c ffffffc0 00000000 00000000
fcc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
fce0: 00809940 ffffffc0 009b4b71 ffffffc0 0092bcc0 ffffffc0 3dcabaf0 ffffffc0
fd00: 00000000 00000000 00000000 00000000 00000003 00000000 00000001 00000000
fd20: 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000
fd40: 00000000 00000000 00000003 00000000 3ddcfd80 ffffffc0 000d5ea4 ffffffc0
fd60: 3dcabad8 ffffffc0 00000000 00000000 00000003 00000000 00000000 00000000
fd80: 3ddcfda0 ffffffc0 006957c8 ffffffc0 3ff5d900 ffffffc0 3dcabae0 ffffffc0
fda0: 3ddcfdc0 ffffffc0 000b0940 ffffffc0 3ddcfdc0 ffffffc0 000b0944 ffffffc0
fdc0: 3ddcfe30 ffffffc0 000b7300 ffffffc0 3dc5c240 ffffffc0 009c0f48 ffffffc0
fde0: 00804e48 ffffffc0 3dc70080 ffffffc0 000b069c ffffffc0 00000000 00000000
fe00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
fe20: 00804e48 ffffffc0 3dc70080 ffffffc0 00000000 00000000 00083950 ffffffc0
fe40: 000b7224 ffffffc0 3dc5c240 ffffffc0 00000000 00000000 00000000 00000000
fe60: 00000000 00000000 3dc5c240 ffffffc0 00000000 00000000 00000000 00000000
fe80: 00000000 00000000 3dc70080 ffffffc0 00000000 00000000 00000000 00000000
fea0: 3ddcfea0 ffffffc0 3ddcfea0 ffffffc0 00000000 ffffffc0 00000000 00000000
fec0: 3ddcfec0 ffffffc0 3ddcfec0 ffffffc0 00000000 00000000 00000000 00000000
fee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ff00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ff20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ff40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ff60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ff80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ffa0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000005 00000000
ffe0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Call trace:
[<000000003c3e4402>] 0x3c3e4402
[<ffffffc000691cbc>] __schedule+0x23c/0x678
[<ffffffc000692124>] schedule+0x2c/0x80
[<ffffffc0000b0940>] worker_thread+0x2a4/0x3c8
[<ffffffc0000b72fc>] kthread+0xd8/0xf0
Code: bad PC value
So I think 3.14.x still needs these patches as well, you can easily cherry
pick up from mainline according to commit IDs.
Remaining Changes (diffstat):
-----------------------------
kernel/workqueue.c | 253 ++++++++++++++-----------------------------
kernel/workqueue_internal.h | 2 +
Cheers,
Zumeng
commit 5fdfd3872c0faea4a9b60ad29c7d1a2500875c6c
Author: Lai Jiangshan <la...@cn.fujitsu.com>
Date: Tue May 20 17:46:27 2014 +0800
workqueue: use manager lock only to protect worker_idr
worker_idr is highly bound to managers and is always/only accessed in
manager
lock context. So we don't need pool->lock for it.
Signed-off-by: Lai Jiangshan <la...@cn.fujitsu.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
(cherry picked from commit 9625ab1727743f6a164df26b7b1eeeced7380b42)
commit 2517907f496b1ef8b2a2d169cc65524797826c8b
Author: Lai Jiangshan <la...@cn.fujitsu.com>
Date: Tue May 20 17:46:28 2014 +0800
workqueue: destroy_worker() should destroy idle workers only
We used to have the CPU online failure path where a worker is created
and then destroyed without being started. A worker was created for
the CPU coming online and if the online operation failed the created worker
was shut down without being started. But this behavior was changed.
The first worker is created and started at the same time for the CPU coming
online.
It means that we had already ensured in the code that destroy_worker()
destroys only idle workers and we don't want to allow it to destroy
any non-idle worker in the future. Otherwise, it may be buggy and it
may be extremely hard to check. We should force destroy_worker() to
destroy only idle workers explicitly.
Since destroy_worker() destroys only idle workers, this patch does not
change any functionality. We just need to update the comments and the
sanity check code.
In the sanity check code, we will refuse to destroy the worker
if !(worker->flags & WORKER_IDLE).
If the worker entered idle which means it is already started,
so we remove the check of "worker->flags & WORKER_STARTED",
after this removal, WORKER_STARTED is totally unneeded,
so we remove WORKER_STARTED too.
In the comments for create_worker(), "Create a new worker which is bound..."
is changed to "... which is attached..." due to we change the name of this
behavior to attaching.
tj: Minor description / comment updates.
Signed-off-by: Lai Jiangshan <la...@cn.fujitsu.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
(cherry picked from commit 73eb7fe73ae303996187fff38b1c162f1df0e9d1)
commit c73f6d0eae4a192b59ee8348bf1fd86ad8635e11
Author: Lai Jiangshan <la...@cn.fujitsu.com>
Date: Tue May 20 17:46:29 2014 +0800
workqueue: async worker destruction
worker destruction includes these parts of code:
adjust pool's stats
remove the worker from idle list
detach the worker from the pool
kthread_stop() to wait for the worker's task exit
free the worker struct
We can find out that there is no essential work to do after
kthread_stop(), which means destroy_worker() doesn't need to wait for
the worker's task exit, so we can remove kthread_stop() and free the
worker struct in the worker exiting path.
However, put_unbound_pool() still needs to sync the all the workers'
destruction before destroying the pool; otherwise, the workers may
access to the invalid pool when they are exiting.
So we also move the code of "detach the worker" to the exiting
path and let put_unbound_pool() to sync with this code via
detach_completion.
The code of "detach the worker" is wrapped in a new function
"worker_detach_from_pool()" although worker_detach_from_pool() is only
called once (in worker_thread()) after this patch, but we need to wrap
it for these reasons:
1) The code of "detach the worker" is not short enough to unfold them
in worker_thread().
2) the name of "worker_detach_from_pool()" is self-comment, and we add
some comments above the function.
3) it will be shared by rescuer in later patch which allows rescuer
and normal thread use the same attach/detach frameworks.
The worker id is freed when detaching which happens before the worker
is fully dead, but this id of the dying worker may be re-used for a
new worker, so the dying worker's task name is changed to
"worker/dying" to avoid two or several workers having the same name.
Since "detach the worker" is moved out from destroy_worker(),
destroy_worker() doesn't require manager_mutex, so the
"lockdep_assert_held(&pool->manager_mutex)" in destroy_worker() is
removed, and destroy_worker() is not protected by manager_mutex in
put_unbound_pool().
tj: Minor description updates.
Signed-off-by: Lai Jiangshan <la...@cn.fujitsu.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
(cherry picked from commit 60f5a4bcf852b5dec698b08cd34efc302ea72f2b)
commit ddc0fbfbb38448a91f1df0936e1e1b8a3580b5f2
Author: Lai Jiangshan <la...@cn.fujitsu.com>
Date: Tue May 20 17:46:30 2014 +0800
workqueue: destroy worker directly in the idle timeout handler
Since destroy_worker() doesn't need to sleep nor require manager_mutex,
destroy_worker() can be directly called in the idle timeout
handler, it helps us remove POOL_MANAGE_WORKERS and
maybe_destroy_worker() and simplify the manage_workers()
After POOL_MANAGE_WORKERS is removed, worker_thread() doesn't
need to test whether it needs to manage after processed works.
So we can remove the test branch.
Signed-off-by: Lai Jiangshan <la...@cn.fujitsu.com>
(cherry picked from commit 3347fc9f36e7e5d3ebe504fc4034745b5d8971d3)
commit cdc88667d3dc37b7b96ba81a42c3df2748011669
Author: Lai Jiangshan <la...@cn.fujitsu.com>
Date: Tue May 20 17:46:31 2014 +0800
workqueue: separate iteration role from worker_idr
worker_idr has the iteration (iterating for attached workers) and
worker ID duties. These two duties don't have to be tied together. We
can separate them and use a list for tracking attached workers and
iteration.
Before this separation, it wasn't possible to add rescuer workers to
worker_idr due to rescuer workers couldn't allocate ID dynamically
because ID-allocation depends on memory-allocation, which rescuer
can't depend on.
After separation, we can easily add the rescuer workers to the list for
iteration without any memory-allocation. It is required when we attach
the rescuer worker to the pool in later patch.
tj: Minor description updates.
Signed-off-by: Lai Jiangshan <la...@cn.fujitsu.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
(cherry picked from commit da028469ba173e9c634b6ecf80bb0c69c7d1024d)
commit 5d4c1dcb75c3d35ced37abe14eff78b50a26b0b8
Author: Lai Jiangshan <la...@cn.fujitsu.com>
Date: Tue May 20 17:46:32 2014 +0800
workqueue: convert worker_idr to worker_ida
We no longer iterate workers via worker_idr and worker_idr is used
only for allocating/freeing ID, so we can convert it to worker_ida.
By using ida_simple_get/remove(), worker_ida doesn't require external
synchronization, so we don't need manager_mutex to protect it and the
ID-removal code is allowed to be moved out from
worker_detach_from_pool().
In a later patch, worker_detach_from_pool() will be used in rescuers
which don't have IDs, so we move the ID-removal code out from
worker_detach_from_pool() into worker_thread().
tj: Minor description updates.
Signed-off-by: Lai Jiangshan <la...@cn.fujitsu.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
(cherry picked from commit 7cda9aae0596d871a8d7a6888d7b447c60e5ab30)
commit b485a459e5370c52cdf64707bf839d3e26963495
Author: Lai Jiangshan <la...@cn.fujitsu.com>
Date: Tue May 20 17:46:33 2014 +0800
workqueue: narrow the protection range of manager_mutex
In create_worker(), as pool->worker_ida now uses
ida_simple_get()/ida_simple_put() and doesn't require external
synchronization, it doesn't need manager_mutex.
struct worker allocation and kthread allocation are not visible by any
one before attached, so they don't need manager_mutex either.
The above operations are before the attaching operation which attaches
the worker to the pool. Between attaching and starting the worker, the
worker is already attached to the pool, so the cpu hotplug will handle
cpu-binding for the worker correctly and we don't need the
manager_mutex after attaching.
The conclusion is that only the attaching operation needs manager_mutex,
so we narrow the protection section of manager_mutex in create_worker().
Some comments about manager_mutex are removed, because we will rename
it to attach_mutex and add worker_attach_to_pool() later which will be
self-explanatory.
tj: Minor description updates.
Signed-off-by: Lai Jiangshan <la...@cn.fujitsu.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
(cherry picked from commit 4d757c5c81edba2052aae10d5b36dfcb9902b141)
--
_______________________________________________
linux-yocto mailing list
linux-yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/linux-yocto
