Dave Peterson <[email protected]> wrote:
>
> On Thursday 13 April 2006 16:24, Andrew Morton wrote:
> > Dave Peterson <[email protected]> wrote:
> > > The patch below fixes some mm_struct reference counting bugs in
> > > badness().
> >
> > hm, OK, afaict the code _is_ racy.
> >
> > But you're now calling mmput() inside read_lock(&tasklist_lock), and
> > mmput() can sleep in exit_aio() or in exit_mmap()->unmap_vmas(). So
> > sterner stuff will be needed.
> >
> > I'll put a might_sleep() into mmput - it's a bit unexpected.
>
> Hmm... fixing this looks rather tricky. If get_task_mm()/mmput() was
> only being done on a single mm_struct then I suppose badness() could
> do something a bit ugly like passing the reference back to its caller
> and letting the caller do the mmput() once tasklist_lock is no longer
> held. However here we are iterating over a bunch of child tasks,
> potentially doing a get_task_mm()/mmput() for a number of them.
>
> I have a suggestion for a possible solution. Currently mmput() is
> implemented as follows:
>
> 01 void mmput(struct mm_struct *mm)
> 02 {
> 03 if (atomic_dec_and_lock(&mm->mm_users, &mmlist_lock)) {
> 04 list_del(&mm->mmlist);
> 05 mmlist_nr--;
> 06 spin_unlock(&mmlist_lock);
> 07 exit_aio(mm);
> 08 exit_mmap(mm);
> 09 put_swap_token(mm);
> 10 mmdrop(mm);
> 11 }
> 12 }
>
> Suppose we replace lines 07-10 with a little piece of code that adds
> the mm_struct to a list. Then a kernel thread empties the list
> (perhaps via the work queue mechanism), doing the stuff in lines
> 07-10 for each mm_struct. This would eliminate the possibility of
> mmput() sleeping, potentially making things easier for other callers
> of mmput() and causing fewer surprises. Any comments?
task_lock() can be used to pin a task's ->mm. To use task_lock() in
badness() we'd need to either
a) nest task_lock()s. I don't know if we're doing that anywhere else,
but the parent->child ordering is a natural one. or
b) take a ref on the parent's mm_struct, drop the parent's task_lock()
while we walk the children, then do mmput() on the parent's mm outside
tasklist_lock. This is probably better.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
