diff options
author | Michael S. Tsirkin <mst@redhat.com> | 2015-03-09 21:25:08 -0400 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2015-03-09 21:26:15 -0400 |
commit | 3d2a3774c1b046f548ebea0391a602fd5685a307 (patch) | |
tree | b664aba0a08380007cb1ae1b53a743c65957c6bc | |
parent | 0fa2a56437d0b7ef5d86eef2778ad3469ca72d5a (diff) |
virtio-balloon: do not call blocking ops when !TASK_RUNNING
virtio balloon has this code:
wait_event_interruptible(vb->config_change,
(diff = towards_target(vb)) != 0
|| vb->need_stats_update
|| kthread_should_stop()
|| freezing(current));
Which is a problem because towards_target() call might block after
wait_event_interruptible sets task state to TAST_INTERRUPTIBLE, causing
the task_struct::state collision typical of nesting of sleeping
primitives
See also http://lwn.net/Articles/628628/ or Thomas's
bug report
http://article.gmane.org/gmane.linux.kernel.virtualization/24846
for a fuller explanation.
To fix, rewrite using wait_woken.
Cc: stable@vger.kernel.org
Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-rw-r--r-- | drivers/virtio/virtio_balloon.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c index b36fe56677d5..6a356e344f82 100644 --- a/drivers/virtio/virtio_balloon.c +++ b/drivers/virtio/virtio_balloon.c | |||
@@ -29,6 +29,7 @@ | |||
29 | #include <linux/module.h> | 29 | #include <linux/module.h> |
30 | #include <linux/balloon_compaction.h> | 30 | #include <linux/balloon_compaction.h> |
31 | #include <linux/oom.h> | 31 | #include <linux/oom.h> |
32 | #include <linux/wait.h> | ||
32 | 33 | ||
33 | /* | 34 | /* |
34 | * Balloon device works in 4K page units. So each page is pointed to by | 35 | * Balloon device works in 4K page units. So each page is pointed to by |
@@ -334,17 +335,25 @@ static int virtballoon_oom_notify(struct notifier_block *self, | |||
334 | static int balloon(void *_vballoon) | 335 | static int balloon(void *_vballoon) |
335 | { | 336 | { |
336 | struct virtio_balloon *vb = _vballoon; | 337 | struct virtio_balloon *vb = _vballoon; |
338 | DEFINE_WAIT_FUNC(wait, woken_wake_function); | ||
337 | 339 | ||
338 | set_freezable(); | 340 | set_freezable(); |
339 | while (!kthread_should_stop()) { | 341 | while (!kthread_should_stop()) { |
340 | s64 diff; | 342 | s64 diff; |
341 | 343 | ||
342 | try_to_freeze(); | 344 | try_to_freeze(); |
343 | wait_event_interruptible(vb->config_change, | 345 | |
344 | (diff = towards_target(vb)) != 0 | 346 | add_wait_queue(&vb->config_change, &wait); |
345 | || vb->need_stats_update | 347 | for (;;) { |
346 | || kthread_should_stop() | 348 | if ((diff = towards_target(vb)) != 0 || |
347 | || freezing(current)); | 349 | vb->need_stats_update || |
350 | kthread_should_stop() || | ||
351 | freezing(current)) | ||
352 | break; | ||
353 | wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT); | ||
354 | } | ||
355 | remove_wait_queue(&vb->config_change, &wait); | ||
356 | |||
348 | if (vb->need_stats_update) | 357 | if (vb->need_stats_update) |
349 | stats_handle_request(vb); | 358 | stats_handle_request(vb); |
350 | if (diff > 0) | 359 | if (diff > 0) |