On Thursday 13 April 2006 16:24, Andrew Morton wrote:
> Dave Peterson <[email protected]> wrote:
> > The patch below fixes some mm_struct reference counting bugs in
> > badness().
>
> hm, OK, afaict the code _is_ racy.
>
> But you're now calling mmput() inside read_lock(&tasklist_lock), and
> mmput() can sleep in exit_aio() or in exit_mmap()->unmap_vmas(). So
> sterner stuff will be needed.
>
> I'll put a might_sleep() into mmput - it's a bit unexpected.
Hmm... fixing this looks rather tricky. If get_task_mm()/mmput() was
only being done on a single mm_struct then I suppose badness() could
do something a bit ugly like passing the reference back to its caller
and letting the caller do the mmput() once tasklist_lock is no longer
held. However here we are iterating over a bunch of child tasks,
potentially doing a get_task_mm()/mmput() for a number of them.
I have a suggestion for a possible solution. Currently mmput() is
implemented as follows:
01 void mmput(struct mm_struct *mm)
02 {
03 if (atomic_dec_and_lock(&mm->mm_users, &mmlist_lock)) {
04 list_del(&mm->mmlist);
05 mmlist_nr--;
06 spin_unlock(&mmlist_lock);
07 exit_aio(mm);
08 exit_mmap(mm);
09 put_swap_token(mm);
10 mmdrop(mm);
11 }
12 }
Suppose we replace lines 07-10 with a little piece of code that adds
the mm_struct to a list. Then a kernel thread empties the list
(perhaps via the work queue mechanism), doing the stuff in lines
07-10 for each mm_struct. This would eliminate the possibility of
mmput() sleeping, potentially making things easier for other callers
of mmput() and causing fewer surprises. Any comments?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
