diff options
author | Paul Jackson <pj@sgi.com> | 2006-02-15 18:17:38 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-02-15 18:32:21 -0500 |
commit | 06fed33849c13af637c4d09e9ba27828fac9edd5 (patch) | |
tree | 0dd2fa91503250edc94ec58b23fbb3e9ad6100f4 | |
parent | 651c29a17f7ea0204dacbc2a5042d57b1c9e2e37 (diff) |
[PATCH] cpuset: oops in exit on null cpuset fix
Fix a latent bug in cpuset_exit() handling. If a task tried to allocate
memory after calling cpuset_exit(), it oops'd in
cpuset_update_task_memory_state() on a NULL cpuset pointer.
So set the exiting tasks cpuset to the root cpuset instead of to NULL.
A distro kernel hit this with an added kernel package that had just such a
hook (allocating memory) in the exit code path.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | kernel/cpuset.c | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/kernel/cpuset.c b/kernel/cpuset.c index ba42b0a76961..12815d3f1a05 100644 --- a/kernel/cpuset.c +++ b/kernel/cpuset.c | |||
@@ -1977,6 +1977,39 @@ void cpuset_fork(struct task_struct *child) | |||
1977 | * We don't need to task_lock() this reference to tsk->cpuset, | 1977 | * We don't need to task_lock() this reference to tsk->cpuset, |
1978 | * because tsk is already marked PF_EXITING, so attach_task() won't | 1978 | * because tsk is already marked PF_EXITING, so attach_task() won't |
1979 | * mess with it, or task is a failed fork, never visible to attach_task. | 1979 | * mess with it, or task is a failed fork, never visible to attach_task. |
1980 | * | ||
1981 | * Hack: | ||
1982 | * | ||
1983 | * Set the exiting tasks cpuset to the root cpuset (top_cpuset). | ||
1984 | * | ||
1985 | * Don't leave a task unable to allocate memory, as that is an | ||
1986 | * accident waiting to happen should someone add a callout in | ||
1987 | * do_exit() after the cpuset_exit() call that might allocate. | ||
1988 | * If a task tries to allocate memory with an invalid cpuset, | ||
1989 | * it will oops in cpuset_update_task_memory_state(). | ||
1990 | * | ||
1991 | * We call cpuset_exit() while the task is still competent to | ||
1992 | * handle notify_on_release(), then leave the task attached to | ||
1993 | * the root cpuset (top_cpuset) for the remainder of its exit. | ||
1994 | * | ||
1995 | * To do this properly, we would increment the reference count on | ||
1996 | * top_cpuset, and near the very end of the kernel/exit.c do_exit() | ||
1997 | * code we would add a second cpuset function call, to drop that | ||
1998 | * reference. This would just create an unnecessary hot spot on | ||
1999 | * the top_cpuset reference count, to no avail. | ||
2000 | * | ||
2001 | * Normally, holding a reference to a cpuset without bumping its | ||
2002 | * count is unsafe. The cpuset could go away, or someone could | ||
2003 | * attach us to a different cpuset, decrementing the count on | ||
2004 | * the first cpuset that we never incremented. But in this case, | ||
2005 | * top_cpuset isn't going away, and either task has PF_EXITING set, | ||
2006 | * which wards off any attach_task() attempts, or task is a failed | ||
2007 | * fork, never visible to attach_task. | ||
2008 | * | ||
2009 | * Another way to do this would be to set the cpuset pointer | ||
2010 | * to NULL here, and check in cpuset_update_task_memory_state() | ||
2011 | * for a NULL pointer. This hack avoids that NULL check, for no | ||
2012 | * cost (other than this way too long comment ;). | ||
1980 | **/ | 2013 | **/ |
1981 | 2014 | ||
1982 | void cpuset_exit(struct task_struct *tsk) | 2015 | void cpuset_exit(struct task_struct *tsk) |
@@ -1984,7 +2017,7 @@ void cpuset_exit(struct task_struct *tsk) | |||
1984 | struct cpuset *cs; | 2017 | struct cpuset *cs; |
1985 | 2018 | ||
1986 | cs = tsk->cpuset; | 2019 | cs = tsk->cpuset; |
1987 | tsk->cpuset = NULL; | 2020 | tsk->cpuset = &top_cpuset; /* Hack - see comment above */ |
1988 | 2021 | ||
1989 | if (notify_on_release(cs)) { | 2022 | if (notify_on_release(cs)) { |
1990 | char *pathbuf = NULL; | 2023 | char *pathbuf = NULL; |