From: "Stephen C. Tweedie" <sct@redhat.com>
To: Andrea Arcangeli <andrea@e-mind.com>
Cc: Linus Torvalds <torvalds@transmeta.com>,
linux-kernel@vger.rutgers.edu, werner@suse.de, mlord@pobox.com,
"David S. Miller" <davem@dm.cobaltmicro.com>,
gandalf@szene.ch, adamk@3net.net.pl, kiracofe.8@osu.edu,
ksi@ksi-linux.com, djf-lists@ic.net, tomh@taz.ccs.fau.edu,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
linux-mm@kvack.org
Subject: Re: [patch] fixed both processes in D state and the /proc/ oopses [Re: [patch] Fixed the race that was oopsing Linux-2.2.0]
Date: Wed, 27 Jan 1999 21:38:58 GMT [thread overview]
Message-ID: <199901272138.VAA12114@dax.scot.redhat.com> (raw)
In-Reply-To: <Pine.LNX.3.96.990127131315.19147A-100000@laser.bogus>
Hi,
On Wed, 27 Jan 1999 13:15:25 +0100 (CET), Andrea Arcangeli
<andrea@e-mind.com> said:
> - * Fixed a race between mmget() and mmput(): added the mm_lock spinlock in
> - * the task_struct to serialize accesses to the tsk->mm field.
> + * Fixed a race between mmget() and mmput(): added the mm_lock spinlock
> + * to serialize accesses to the tsk->mm field.
I don't buy it, because we've seen these on UP machines too. Besides,
in all of the fork/exit/procfs code paths which look to be relevant to
the reported oopses, we already hold the global kernel lock by the time
we start fiddling with the mm references. Adding yet another spinlock
should make no difference at all to the locking.
I think the real problem is in the new procfs code in fs/proc/array.c
calling mmget()/mmput() the way it does. The get_mm_and_lock() function
tries to be safe, but in a couple of places we do not use it, instead
doing something like:
get_status() {
tsk = grab_task(pid);
task_mem() {
down(&mm->mmap_sem);
/* Walk the vma tree */
up(&mm->mmap_sem);
}
release_task(tsk);
}
grab_task() includes
if (tsk && tsk->mm && tsk->mm != &init_mm)
mmget(tsk->mm);
and release_task does
if (tsk != current && tsk->mm && tsk->mm != &init_mm)
mmput(tsk->mm);
In other words, we are grabbing a task, pinning the mm_struct, blocking
for the mm semaphore and releasing the task's *current* mm_struct, which
is not necessarily the same as it was before we blocked. In particular,
if we catch the process during a fork+exec, then it is perfectly
possible for tsk->mm to change here.
Note that this was not a problem in the original version of this patch
which just copied the task_struct in grab_task(), because that way we
would always be releasing the same mm that we grabbed.
Can anybody give a good reason why we need to block in array.c at all?
I don't see why we need the down/up(&mm->mmap_sem) code, since we should
already hold the global kernel lock and the vma tree should remain
intact while we inspect it as long as we do not drop that lock. If we
do keep that lock intact from beginning to end then we cannot run the
risk of tsk->mm changing out from under our feet.
--Stephen
--
To unsubscribe, send a message with 'unsubscribe linux-mm my@address'
in the body to majordomo@kvack.org. For more info on Linux MM,
see: http://humbolt.geo.uu.nl/Linux-MM/
next parent reply other threads:[~1999-01-27 21:39 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.3.96.990127123207.15486A-100000@laser.bogus>
[not found] ` <Pine.LNX.3.96.990127131315.19147A-100000@laser.bogus>
1999-01-27 21:38 ` Stephen C. Tweedie [this message]
1999-01-27 21:45 ` Linus Torvalds
1999-01-28 1:02 ` Andrea Arcangeli
1999-01-28 2:50 ` Andrea Arcangeli
1999-01-28 4:20 ` [patch] fixed both processes in D state and the /proc/ oopses Tom Holroyd
1999-01-28 6:23 ` Tom Holroyd
1999-01-28 15:09 ` [patch] fixed both processes in D state and the /proc/ oopses [Re: [patch] Fixed the race that was oopsing Linux-2.2.0] Stephen C. Tweedie
1999-01-28 17:54 ` Linus Torvalds
1999-01-28 18:07 ` Stephen C. Tweedie
1999-01-28 18:17 ` Linus Torvalds
1999-01-28 18:25 ` Stephen C. Tweedie
1999-01-28 19:23 ` Alan Cox
1999-01-28 19:11 ` Linus Torvalds
1999-01-28 20:11 ` Alan Cox
1999-01-28 22:33 ` Andrea Arcangeli
1999-01-28 22:53 ` Linus Torvalds
1999-01-29 1:47 ` Andrea Arcangeli
1999-01-29 11:20 ` MOLNAR Ingo
1999-01-29 12:08 ` Andrea Arcangeli
1999-01-29 13:19 ` MOLNAR Ingo
1999-01-29 14:14 ` Andrea Arcangeli
1999-01-29 17:46 ` Theodore Y. Ts'o
1999-01-29 14:13 ` Eric W. Biederman
1999-01-30 15:42 ` Andrea Arcangeli
1999-01-30 20:32 ` Eric W. Biederman
1999-01-31 1:00 ` Andrea Arcangeli
1999-01-31 8:36 ` Eric W. Biederman
1999-01-31 19:16 ` Andrea Arcangeli
1999-01-31 21:56 ` Eric W. Biederman
1999-01-29 18:24 ` Linus Torvalds
1999-01-28 22:04 ` Andrea Arcangeli
1999-01-29 0:17 ` Linus Torvalds
1999-01-28 17:36 ` Linus Torvalds
1999-01-28 15:05 ` Stephen C. Tweedie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=199901272138.VAA12114@dax.scot.redhat.com \
--to=sct@redhat.com \
--cc=adamk@3net.net.pl \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andrea@e-mind.com \
--cc=davem@dm.cobaltmicro.com \
--cc=djf-lists@ic.net \
--cc=gandalf@szene.ch \
--cc=kiracofe.8@osu.edu \
--cc=ksi@ksi-linux.com \
--cc=linux-kernel@vger.rutgers.edu \
--cc=linux-mm@kvack.org \
--cc=mlord@pobox.com \
--cc=tomh@taz.ccs.fau.edu \
--cc=torvalds@transmeta.com \
--cc=werner@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox