diff options
author | Srivatsa Vaddagiri <vatsa@in.ibm.com> | 2007-05-08 03:27:25 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-05-08 14:15:05 -0400 |
commit | dd9037a26a1e6ebec9121b4681c414dc77189a90 (patch) | |
tree | cbce9dc3406943b0026a5de01bd64d42714a9413 | |
parent | e5f00f42f35e6f4699f105a3bd56874847cbf72f (diff) |
Fix race between attach_task and cpuset_exit
Currently cpuset_exit() changes the exiting task's ->cpuset pointer w/o
taking task_lock(). This can lead to ugly races between attach_task and
cpuset_exit. Details of the races are described at
http://lkml.org/lkml/2007/3/24/132.
Patch below closes those races.
Signed-off-by: Srivatsa Vaddagiri <vatsa@in.ibm.com>
Cc: Paul Jackson <pj@sgi.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | kernel/cpuset.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/kernel/cpuset.c b/kernel/cpuset.c index d240349cbf0f..bde714db2b26 100644 --- a/kernel/cpuset.c +++ b/kernel/cpuset.c | |||
@@ -2200,10 +2200,6 @@ void cpuset_fork(struct task_struct *child) | |||
2200 | * it is holding that mutex while calling check_for_release(), | 2200 | * it is holding that mutex while calling check_for_release(), |
2201 | * which calls kmalloc(), so can't be called holding callback_mutex(). | 2201 | * which calls kmalloc(), so can't be called holding callback_mutex(). |
2202 | * | 2202 | * |
2203 | * We don't need to task_lock() this reference to tsk->cpuset, | ||
2204 | * because tsk is already marked PF_EXITING, so attach_task() won't | ||
2205 | * mess with it, or task is a failed fork, never visible to attach_task. | ||
2206 | * | ||
2207 | * the_top_cpuset_hack: | 2203 | * the_top_cpuset_hack: |
2208 | * | 2204 | * |
2209 | * Set the exiting tasks cpuset to the root cpuset (top_cpuset). | 2205 | * Set the exiting tasks cpuset to the root cpuset (top_cpuset). |
@@ -2242,8 +2238,10 @@ void cpuset_exit(struct task_struct *tsk) | |||
2242 | { | 2238 | { |
2243 | struct cpuset *cs; | 2239 | struct cpuset *cs; |
2244 | 2240 | ||
2241 | task_lock(current); | ||
2245 | cs = tsk->cpuset; | 2242 | cs = tsk->cpuset; |
2246 | tsk->cpuset = &top_cpuset; /* the_top_cpuset_hack - see above */ | 2243 | tsk->cpuset = &top_cpuset; /* the_top_cpuset_hack - see above */ |
2244 | task_unlock(current); | ||
2247 | 2245 | ||
2248 | if (notify_on_release(cs)) { | 2246 | if (notify_on_release(cs)) { |
2249 | char *pathbuf = NULL; | 2247 | char *pathbuf = NULL; |