On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
> Shouldn't we just put a task_lock()/task_unlock() around these lines
> and leave everything else as-is?
>
> task_lock(tsk);
> cs = tsk->cpuset;
> tsk->cpuset = &top_cpuset; /* the_top_cpuset_hack - see above */
>
On Thu, Apr 05, 2007 at 12:01:53AM -0700, Paul Menage wrote:
> I don't see how that could happen. Assuming we add the
> task_lock()/task_unlock() in cpuset_exit(), then only one of the two
> threads (either cpuset_exit() or attach_task() ) can copy C1 from
> T1->cpuset and replace it with something
On 4/5/07, Srivatsa Vaddagiri <[EMAIL PROTECTED]> wrote:
Hmm yes ..I am surprised we arent doing a synhronize_rcu in
cpuset_rmdir() before dropping the dentry. Did you want to send a patch
for that?
Currently cpuset_exit() isn't in a rcu section so it wouldn't help.
But this ceases to be a pr
On 4/5/07, Srivatsa Vaddagiri <[EMAIL PROTECTED]> wrote:
On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
> >@@ -1257,8 +1260,8 @@ static int attach_task(struct cpuset *cs
> >
> >put_task_struct(tsk);
> >synchronize_rcu();
> >- if (atomic_dec_and_test(&oldcs->cou
On Wed, Apr 04, 2007 at 10:55:01PM -0700, Paul Menage wrote:
> >@@ -1257,8 +1260,8 @@ static int attach_task(struct cpuset *cs
> >
> >put_task_struct(tsk);
> >synchronize_rcu();
> >- if (atomic_dec_and_test(&oldcs->count))
> >- check_for_release(oldcs, ppathbuf);
On 3/26/07, Srivatsa Vaddagiri <[EMAIL PROTECTED]> wrote:
On Sun, Mar 25, 2007 at 12:50:25PM -0700, Paul Jackson wrote:
> Is there perhaps another race here?
Yes, we have!
Modified patch below. Compile/boot tested on a x86_64 box.
Currently cpuset_exit() changes the exiting task's ->cpuset po
> Yes, but the cpuset is not made invisible to userspace (in filesystem)
> yet. So as cpuset_exit() discovers that cpuset B has zero refcount now
> and blocks on mutex_lock(&manage_mutex) [ to do a check_for_release
> later ], someone could have done a attach_task to that cpuset.
Agreed.
--
Quoting Paul Jackson <[EMAIL PROTECTED]>:
vatsa wrote:
Well, someone may have attached to this cpuset while we were waiting on the
mutex_lock(). So we need to do a atomic_read again to ensure it is still
unused.
I don't see how this could happen. If we hold the task lock that now
(thanks to y
vatsa wrote:
> Well, someone may have attached to this cpuset while we were waiting on the
> mutex_lock(). So we need to do a atomic_read again to ensure it is still
> unused
pj replied:
> If we hold the task lock that now
> (thanks to your good work) guards this pointer, and if we decrement to
>
vatsa wrote:
> Well, someone may have attached to this cpuset while we were waiting on the
> mutex_lock(). So we need to do a atomic_read again to ensure it is still
> unused.
I don't see how this could happen. If we hold the task lock that now
(thanks to your good work) guards this pointer, and
On Sun, Mar 25, 2007 at 12:50:25PM -0700, Paul Jackson wrote:
> Is there perhaps another race here?
Yes, we have!
Modified patch below. Compile/boot tested on a x86_64 box.
Currently cpuset_exit() changes the exiting task's ->cpuset pointer w/o
taking task_lock(). This can lead to ugly races b
On Sun, Mar 25, 2007 at 11:22:15PM +0530, Balbir Singh wrote:
> >+struct cpuset *oldcs_tobe_released = NULL;
>
> How about oldcs_to_be_released?
Yes, I wanted to use that, but my typo I guess.
> >@@ -2242,19 +2241,20 @@ void cpuset_exit(struct task_struct *tsk
> > {
> > struct cpuset *cs
> How about using a local variable like ref_count and using
>
> ref_count = atomic_dec_and_test(&cs->count); This will avoid the two
> atomic operations, atomic_dec() and atomic_read() below.
This would also seem to address the race I just noticed in my previous
reply.
Though I would suggest tha
> + task_lock(tsk);
> cs = tsk->cpuset;
> tsk->cpuset = &top_cpuset; /* the_top_cpuset_hack - see above */
> + atomic_dec(&cs->count);
> + task_unlock(tsk);
>
> if (notify_on_release(cs)) {
> char *pathbuf = NULL;
>
> mutex_lock(&ma
Hi, Vatsa,
Srivatsa Vaddagiri wrote:
diff -puN kernel/cpuset.c~cpuset_race_fix kernel/cpuset.c
--- linux-2.6.21-rc4/kernel/cpuset.c~cpuset_race_fix2007-03-25
21:08:27.0 +0530
+++ linux-2.6.21-rc4-vatsa/kernel/cpuset.c 2007-03-25 21:25:05.0
+0530
@@ -1182,6 +1182,7 @@
Currently cpuset_exit() changes the exiting task's ->cpuset pointer w/o
taking task_lock(). This can lead to ugly races between attach_task and
cpuset_exit. Details of the races are described at
http://lkml.org/lkml/2007/3/24/132.
Patch below closes those races. It is against 2.6.21-rc4 and has u
16 matches
Mail list logo
