From: ebiederm+eric@ccr.net (Eric W. Biederman)
To: Andrea Arcangeli <andrea@e-mind.com>
Cc: "Eric W. Biederman" <ebiederm+eric@ccr.net>, linux-mm@kvack.org
Subject: Re: [patch] fixed both processes in D state and the /proc/ oopses [Re: [patch] Fixed the race that was oopsing Linux-2.2.0]
Date: 30 Jan 1999 14:32:06 -0600 [thread overview]
Message-ID: <m1yamkv6wp.fsf@flinx.ccr.net> (raw)
In-Reply-To: Andrea Arcangeli's message of "Sat, 30 Jan 1999 16:42:40 +0100 (CET)"
>>>>> "AA" == Andrea Arcangeli <andrea@e-mind.com> writes:
AA> On 29 Jan 1999, Eric W. Biederman wrote:
AA> unlock_kernel();
AA> ^^
AA> if (tsk->mm && tsk->mm != &init_mm)
AA> {
AA> mdelay(2000000000000000000);
AA> mmget();
AA> }
>>
>> This would need to say.
>> mm = tsk->mm;
>> mmget(mm);
>> if (mm != &init_mm) {
>> /* xyz */
>> }
AA> This is not enough to avoid races. I supposed to _not_ have the big kernel
AA> lock held. The point is _where_ you do mmget() and so _where_ you do
AA> mm-> count++. If current!=tsk and you don't have the big kernel lock held,
AA> you can risk to do a mm->count++ on a random kernel memory because mmput()
AA> run from __exit_mm() from the tsk context in the meantime on the other
AA> CPU.
I have a count incremented on the task so the task_struct won't go away.
tsk->mm at any point in time _always_ points to a valid mm.
(A new mm is assigned before the old mm is put)/
That does appear to leave a small race in my code. That of having a pointer
to a valid mm, which is reallocated before the count can be incremented.
Probably a piece of code like:
mm_struct *fetch_tsk_mm(task_struct *tsk)
{
unsinged long flags;
mm_struct *mm;
save_flags(flags);
cli();
do {
mm = tsk->mm;
} while (!atomic_inc_and_test(&mm->count);
restore_flags(flags);
return mm;
}
is needed to make sure the count goes up before the mm can be reallocated.
I'm not an expert on locks, so there may be an even cheaper way of implementing
it.
The point is that:
a) An atomic count is sufficient if you know the mm will be valid while you hold it.
b) Making sure the time you CPU spends between getting the valid mm reference
and incrementing the count on that reference, is smaller than time it takes
for another CPU to put another mm in the task_struct, decrement the mm count, ensure
the caches will see the memory writes in the approrpiate order and then reallocate
the memory.
Is sufficient to say the mm will be valid when the count is incremented.
AA> Tell me if I am misunderstood your email.
In part, and in part I misunderstood the problem.
As far as I can tell the race is so unlikely it should never happen in practice.
But also it is so small there should be ample room for small for a large variety of
solutions. It is an interesting problem, and worth solving well for 2.3.
I am quite certain however that your get_mm_and_lock routine would help not
at all in this case.
Eric
--
To unsubscribe, send a message with 'unsubscribe linux-mm my@address'
in the body to majordomo@kvack.org. For more info on Linux MM,
see: http://humbolt.geo.uu.nl/Linux-MM/
next prev parent reply other threads:[~1999-02-01 21:42 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.3.96.990127123207.15486A-100000@laser.bogus>
[not found] ` <Pine.LNX.3.96.990127131315.19147A-100000@laser.bogus>
1999-01-27 21:38 ` Stephen C. Tweedie
1999-01-27 21:45 ` Linus Torvalds
1999-01-28 1:02 ` Andrea Arcangeli
1999-01-28 2:50 ` Andrea Arcangeli
1999-01-28 4:20 ` [patch] fixed both processes in D state and the /proc/ oopses Tom Holroyd
1999-01-28 6:23 ` Tom Holroyd
1999-01-28 15:09 ` [patch] fixed both processes in D state and the /proc/ oopses [Re: [patch] Fixed the race that was oopsing Linux-2.2.0] Stephen C. Tweedie
1999-01-28 17:54 ` Linus Torvalds
1999-01-28 18:07 ` Stephen C. Tweedie
1999-01-28 18:17 ` Linus Torvalds
1999-01-28 18:25 ` Stephen C. Tweedie
1999-01-28 19:23 ` Alan Cox
1999-01-28 19:11 ` Linus Torvalds
1999-01-28 20:11 ` Alan Cox
1999-01-28 22:33 ` Andrea Arcangeli
1999-01-28 22:53 ` Linus Torvalds
1999-01-29 1:47 ` Andrea Arcangeli
1999-01-29 11:20 ` MOLNAR Ingo
1999-01-29 12:08 ` Andrea Arcangeli
1999-01-29 13:19 ` MOLNAR Ingo
1999-01-29 14:14 ` Andrea Arcangeli
1999-01-29 17:46 ` Theodore Y. Ts'o
1999-01-29 14:13 ` Eric W. Biederman
1999-01-30 15:42 ` Andrea Arcangeli
1999-01-30 20:32 ` Eric W. Biederman [this message]
1999-01-31 1:00 ` Andrea Arcangeli
1999-01-31 8:36 ` Eric W. Biederman
1999-01-31 19:16 ` Andrea Arcangeli
1999-01-31 21:56 ` Eric W. Biederman
1999-01-29 18:24 ` Linus Torvalds
1999-01-28 22:04 ` Andrea Arcangeli
1999-01-29 0:17 ` Linus Torvalds
1999-01-28 17:36 ` Linus Torvalds
1999-01-28 15:05 ` Stephen C. Tweedie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1yamkv6wp.fsf@flinx.ccr.net \
--to=ebiederm+eric@ccr.net \
--cc=andrea@e-mind.com \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox