1 files changed, 45 insertions, 39 deletions
diff --git a/kernel/exit.c b/kernel/exit.c
index 546774a31a66..b194febf5799 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -50,20 +50,20 @@
 #include <linux/perf_event.h>
 #include <trace/events/sched.h>
 #include <linux/hw_breakpoint.h>
+#include <linux/oom.h>
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
 #include <asm/pgtable.h>
 #include <asm/mmu_context.h>
-#include "cred-internals.h"
 static void exit_mm(struct task_struct * tsk);
-static void __unhash_process(struct task_struct *p)
+static void __unhash_process(struct task_struct *p, bool group_dead)
 {
        nr_threads--;
        detach_pid(p, PIDTYPE_PID);
-        if (thread_group_leader(p)) {
+        if (group_dead) {
                detach_pid(p, PIDTYPE_PGID);
                detach_pid(p, PIDTYPE_SID);
@@ -80,23 +80,26 @@ static void __unhash_process(struct task_struct *p)
 static void __exit_signal(struct task_struct *tsk)
 {
        struct signal_struct *sig = tsk->signal;
+        bool group_dead = thread_group_leader(tsk);
        struct sighand_struct *sighand;
+        struct tty_struct *uninitialized_var(tty);
-        BUG_ON(!sig);
+        sighand = rcu_dereference_check(tsk->sighand,
-        BUG_ON(!atomic_read(&sig->count));
+                                        rcu_read_lock_held() ||
+                                        lockdep_tasklist_lock_is_held());
-        sighand = rcu_dereference(tsk->sighand);
        spin_lock(&sighand->siglock);
        posix_cpu_timers_exit(tsk);
-        if (atomic_dec_and_test(&sig->count))
+        if (group_dead) {
                posix_cpu_timers_exit_group(tsk);
-        else {
+                tty = sig->tty;
+                sig->tty = NULL;
+        } else {
                /*
                 * If there is any task waiting for the group exit
                 * then notify it:
                 */
-                if (sig->group_exit_task && atomic_read(&sig->count) == sig->notify_count)
+                if (sig->notify_count > 0 && !--sig->notify_count)
                        wake_up_process(sig->group_exit_task);
                if (tsk == sig->curr_target)
@@ -122,32 +125,24 @@ static void __exit_signal(struct task_struct *tsk)
                sig->oublock += task_io_get_oublock(tsk);
                task_io_accounting_add(&sig->ioac, &tsk->ioac);
                sig->sum_sched_runtime += tsk->se.sum_exec_runtime;
-                sig = NULL; /* Marker for below. */
        }
-        __unhash_process(tsk);
+        sig->nr_threads--;
+        __unhash_process(tsk, group_dead);
        /*
         * Do this under ->siglock, we can race with another thread
         * doing sigqueue_free() if we have SIGQUEUE_PREALLOC signals.
         */
        flush_sigqueue(&tsk->pending);
-        tsk->signal = NULL;
        tsk->sighand = NULL;
        spin_unlock(&sighand->siglock);
        __cleanup_sighand(sighand);
        clear_tsk_thread_flag(tsk,TIF_SIGPENDING);
-        if (sig) {
+        if (group_dead) {
                flush_sigqueue(&sig->shared_pending);
-                taskstats_tgid_free(sig);
+                tty_kref_put(tty);
-                /*
-                 * Make sure ->signal can't go away under rq->lock,
-                 * see account_group_exec_runtime().
-                 */
-                task_rq_unlock_wait(tsk);
-                __cleanup_signal(sig);
        }
 }
@@ -155,9 +150,7 @@ static void delayed_put_task_struct(struct rcu_head *rhp)
 {
        struct task_struct *tsk = container_of(rhp, struct task_struct, rcu);
-#ifdef CONFIG_PERF_EVENTS
+        perf_event_delayed_put(tsk);
-        WARN_ON_ONCE(tsk->perf_event_ctxp);
-#endif
        trace_sched_process_free(tsk);
        put_task_struct(tsk);
 }
@@ -170,8 +163,10 @@ void release_task(struct task_struct * p)
 repeat:
        tracehook_prepare_release_task(p);
        /* don't need to get the RCU readlock here - the process is dead and
-         * can't be modifying its own credentials */
+         * can't be modifying its own credentials. But shut RCU-lockdep up */
+        rcu_read_lock();
        atomic_dec(&__task_cred(p)->user->processes);
+        rcu_read_unlock();
        proc_flush_task(p);
@@ -473,9 +468,11 @@ static void close_files(struct files_struct * files)
        /*
         * It is safe to dereference the fd table without RCU or
         * ->file_lock because this is the last reference to the
-         * files structure.
+         * files structure.  But use RCU to shut RCU-lockdep up.
         */
+        rcu_read_lock();
        fdt = files_fdtable(files);
+        rcu_read_unlock();
        for (;;) {
                unsigned long set;
                i = j * __NFDBITS;
@@ -521,10 +518,12 @@ void put_files_struct(struct files_struct *files)
                 * at the end of the RCU grace period. Otherwise,
                 * you can free files immediately.
                 */
+                rcu_read_lock();
                fdt = files_fdtable(files);
                if (fdt != &files->fdtab)
                        kmem_cache_free(files_cachep, files);
                free_fdtable(fdt);
+                rcu_read_unlock();
        }
 }
@@ -689,6 +688,8 @@ static void exit_mm(struct task_struct * tsk)
        enter_lazy_tlb(mm, current);
        /* We don't want this task to be frozen prematurely */
        clear_freeze_flag(tsk);
+        if (tsk->signal->oom_score_adj == OOM_SCORE_ADJ_MIN)
+                atomic_dec(&mm->oom_disable_count);
        task_unlock(tsk);
        mm_update_next_owner(mm);
        mmput(mm);
@@ -702,6 +703,8 @@ static void exit_mm(struct task_struct * tsk)
 * space.
 */
 static struct task_struct *find_new_reaper(struct task_struct *father)
+        __releases(&tasklist_lock)
+        __acquires(&tasklist_lock)
 {
        struct pid_namespace *pid_ns = task_active_pid_ns(father);
        struct task_struct *thread;
@@ -771,9 +774,12 @@ static void forget_original_parent(struct task_struct *father)
        struct task_struct *p, *n, *reaper;
        LIST_HEAD(dead_children);
-        exit_ptrace(father);
        write_lock_irq(&tasklist_lock);
+        /*
+         * Note that exit_ptrace() and find_new_reaper() might
+         * drop tasklist_lock and reacquire it.
+         */
+        exit_ptrace(father);
        reaper = find_new_reaper(father);
        list_for_each_entry_safe(p, n, &father->children, sibling) {
@@ -849,12 +855,9 @@ static void exit_notify(struct task_struct *tsk, int group_dead)
        tsk->exit_state = signal == DEATH_REAP ? EXIT_DEAD : EXIT_ZOMBIE;
-        /* mt-exec, de_thread() is waiting for us */
+        /* mt-exec, de_thread() is waiting for group leader */
-        if (thread_group_leader(tsk) &&
+        if (unlikely(tsk->signal->notify_count < 0))
-            tsk->signal->group_exit_task &&
-            tsk->signal->notify_count < 0)
                wake_up_process(tsk->signal->group_exit_task);
        write_unlock_irq(&tasklist_lock);
        tracehook_report_death(tsk, signal, cookie, group_dead);
@@ -944,7 +947,9 @@ NORET_TYPE void do_exit(long code)
                                preempt_count());
        acct_update_integrals(tsk);
+        /* sync mm's RSS info before statistics gathering */
+        if (tsk->mm)
+                sync_mm_rss(tsk, tsk->mm);
        group_dead = atomic_dec_and_test(&tsk->signal->live);
        if (group_dead) {
                hrtimer_cancel(&tsk->signal->real_timer);
@@ -993,8 +998,10 @@ NORET_TYPE void do_exit(long code)
        exit_notify(tsk, group_dead);
 #ifdef CONFIG_NUMA
+        task_lock(tsk);
        mpol_put(tsk->mempolicy);
        tsk->mempolicy = NULL;
+        task_unlock(tsk);
 #endif
 #ifdef CONFIG_FUTEX
        if (unlikely(current->pi_state_cache))
@@ -1180,7 +1187,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
        if (unlikely(wo->wo_flags & WNOWAIT)) {
                int exit_code = p->exit_code;
-                int why, status;
+                int why;
                get_task_struct(p);
                read_unlock(&tasklist_lock);
@@ -1382,8 +1389,7 @@ static int wait_task_stopped(struct wait_opts *wo,
        if (!unlikely(wo->wo_flags & WNOWAIT))
                *p_code = 0;
-        /* don't need the RCU readlock here as we're holding a spinlock */
+        uid = task_uid(p);
-        uid = __task_cred(p)->uid;
 unlock_sig:
        spin_unlock_irq(&p->sighand->siglock);
        if (!exit_code)
@@ -1456,7 +1462,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
        }
        if (!unlikely(wo->wo_flags & WNOWAIT))
                p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
-        uid = __task_cred(p)->uid;
+        uid = task_uid(p);
        spin_unlock_irq(&p->sighand->siglock);
        pid = task_pid_vnr(p);

diff --git a/kernel/exit.c b/kernel/exit.c index 546774a31a66..b194febf5799 100644 --- a/kernel/exit.c +++ b/kernel/exit.c
@@ -50,20 +50,20 @@
50	#include <linux/perf_event.h>	50	#include <linux/perf_event.h>
51	#include <trace/events/sched.h>	51	#include <trace/events/sched.h>
52	#include <linux/hw_breakpoint.h>	52	#include <linux/hw_breakpoint.h>
		53	#include <linux/oom.h>
53		54
54	#include <asm/uaccess.h>	55	#include <asm/uaccess.h>
55	#include <asm/unistd.h>	56	#include <asm/unistd.h>
56	#include <asm/pgtable.h>	57	#include <asm/pgtable.h>
57	#include <asm/mmu_context.h>	58	#include <asm/mmu_context.h>
58	#include "cred-internals.h"
59		59
60	static void exit_mm(struct task_struct * tsk);	60	static void exit_mm(struct task_struct * tsk);
61		61
62	static void __unhash_process(struct task_struct *p)	62	static void __unhash_process(struct task_struct *p, bool group_dead)
63	{	63	{
64	nr_threads--;	64	nr_threads--;
65	detach_pid(p, PIDTYPE_PID);	65	detach_pid(p, PIDTYPE_PID);
66	if (thread_group_leader(p)) {	66	if (group_dead) {
67	detach_pid(p, PIDTYPE_PGID);	67	detach_pid(p, PIDTYPE_PGID);
68	detach_pid(p, PIDTYPE_SID);	68	detach_pid(p, PIDTYPE_SID);
69		69
@@ -80,23 +80,26 @@ static void __unhash_process(struct task_struct *p)
80	static void __exit_signal(struct task_struct *tsk)	80	static void __exit_signal(struct task_struct *tsk)
81	{	81	{
82	struct signal_struct *sig = tsk->signal;	82	struct signal_struct *sig = tsk->signal;
		83	bool group_dead = thread_group_leader(tsk);
83	struct sighand_struct *sighand;	84	struct sighand_struct *sighand;
		85	struct tty_struct *uninitialized_var(tty);
84		86
85	BUG_ON(!sig);	87	sighand = rcu_dereference_check(tsk->sighand,
86	BUG_ON(!atomic_read(&sig->count));	88	rcu_read_lock_held() \|\|
87		89	lockdep_tasklist_lock_is_held());
88	sighand = rcu_dereference(tsk->sighand);
89	spin_lock(&sighand->siglock);	90	spin_lock(&sighand->siglock);
90		91
91	posix_cpu_timers_exit(tsk);	92	posix_cpu_timers_exit(tsk);
92	if (atomic_dec_and_test(&sig->count))	93	if (group_dead) {
93	posix_cpu_timers_exit_group(tsk);	94	posix_cpu_timers_exit_group(tsk);
94	else {	95	tty = sig->tty;
		96	sig->tty = NULL;
		97	} else {
95	/*	98	/*
96	* If there is any task waiting for the group exit	99	* If there is any task waiting for the group exit
97	* then notify it:	100	* then notify it:
98	*/	101	*/
99	if (sig->group_exit_task && atomic_read(&sig->count) == sig->notify_count)	102	if (sig->notify_count > 0 && !--sig->notify_count)
100	wake_up_process(sig->group_exit_task);	103	wake_up_process(sig->group_exit_task);
101		104
102	if (tsk == sig->curr_target)	105	if (tsk == sig->curr_target)
@@ -122,32 +125,24 @@ static void __exit_signal(struct task_struct *tsk)
122	sig->oublock += task_io_get_oublock(tsk);	125	sig->oublock += task_io_get_oublock(tsk);
123	task_io_accounting_add(&sig->ioac, &tsk->ioac);	126	task_io_accounting_add(&sig->ioac, &tsk->ioac);
124	sig->sum_sched_runtime += tsk->se.sum_exec_runtime;	127	sig->sum_sched_runtime += tsk->se.sum_exec_runtime;
125	sig = NULL; /* Marker for below. */
126	}	128	}
127		129
128	__unhash_process(tsk);	130	sig->nr_threads--;
		131	__unhash_process(tsk, group_dead);
129		132
130	/*	133	/*
131	* Do this under ->siglock, we can race with another thread	134	* Do this under ->siglock, we can race with another thread
132	* doing sigqueue_free() if we have SIGQUEUE_PREALLOC signals.	135	* doing sigqueue_free() if we have SIGQUEUE_PREALLOC signals.
133	*/	136	*/
134	flush_sigqueue(&tsk->pending);	137	flush_sigqueue(&tsk->pending);
135
136	tsk->signal = NULL;
137	tsk->sighand = NULL;	138	tsk->sighand = NULL;
138	spin_unlock(&sighand->siglock);	139	spin_unlock(&sighand->siglock);
139		140
140	__cleanup_sighand(sighand);	141	__cleanup_sighand(sighand);
141	clear_tsk_thread_flag(tsk,TIF_SIGPENDING);	142	clear_tsk_thread_flag(tsk,TIF_SIGPENDING);
142	if (sig) {	143	if (group_dead) {
143	flush_sigqueue(&sig->shared_pending);	144	flush_sigqueue(&sig->shared_pending);
144	taskstats_tgid_free(sig);	145	tty_kref_put(tty);
145	/*
146	* Make sure ->signal can't go away under rq->lock,
147	* see account_group_exec_runtime().
148	*/
149	task_rq_unlock_wait(tsk);
150	__cleanup_signal(sig);
151	}	146	}
152	}	147	}
153		148
@@ -155,9 +150,7 @@ static void delayed_put_task_struct(struct rcu_head *rhp)
155	{	150	{
156	struct task_struct *tsk = container_of(rhp, struct task_struct, rcu);	151	struct task_struct *tsk = container_of(rhp, struct task_struct, rcu);
157		152
158	#ifdef CONFIG_PERF_EVENTS	153	perf_event_delayed_put(tsk);
159	WARN_ON_ONCE(tsk->perf_event_ctxp);
160	#endif
161	trace_sched_process_free(tsk);	154	trace_sched_process_free(tsk);
162	put_task_struct(tsk);	155	put_task_struct(tsk);
163	}	156	}
@@ -170,8 +163,10 @@ void release_task(struct task_struct * p)
170	repeat:	163	repeat:
171	tracehook_prepare_release_task(p);	164	tracehook_prepare_release_task(p);
172	/* don't need to get the RCU readlock here - the process is dead and	165	/* don't need to get the RCU readlock here - the process is dead and
173	* can't be modifying its own credentials */	166	* can't be modifying its own credentials. But shut RCU-lockdep up */
		167	rcu_read_lock();
174	atomic_dec(&__task_cred(p)->user->processes);	168	atomic_dec(&__task_cred(p)->user->processes);
		169	rcu_read_unlock();
175		170
176	proc_flush_task(p);	171	proc_flush_task(p);
177		172
@@ -473,9 +468,11 @@ static void close_files(struct files_struct * files)
473	/*	468	/*
474	* It is safe to dereference the fd table without RCU or	469	* It is safe to dereference the fd table without RCU or
475	* ->file_lock because this is the last reference to the	470	* ->file_lock because this is the last reference to the
476	* files structure.	471	* files structure. But use RCU to shut RCU-lockdep up.
477	*/	472	*/
		473	rcu_read_lock();
478	fdt = files_fdtable(files);	474	fdt = files_fdtable(files);
		475	rcu_read_unlock();
479	for (;;) {	476	for (;;) {
480	unsigned long set;	477	unsigned long set;
481	i = j * __NFDBITS;	478	i = j * __NFDBITS;
@@ -521,10 +518,12 @@ void put_files_struct(struct files_struct *files)
521	* at the end of the RCU grace period. Otherwise,	518	* at the end of the RCU grace period. Otherwise,
522	* you can free files immediately.	519	* you can free files immediately.
523	*/	520	*/
		521	rcu_read_lock();
524	fdt = files_fdtable(files);	522	fdt = files_fdtable(files);
525	if (fdt != &files->fdtab)	523	if (fdt != &files->fdtab)
526	kmem_cache_free(files_cachep, files);	524	kmem_cache_free(files_cachep, files);
527	free_fdtable(fdt);	525	free_fdtable(fdt);
		526	rcu_read_unlock();
528	}	527	}
529	}	528	}
530		529
@@ -689,6 +688,8 @@ static void exit_mm(struct task_struct * tsk)
689	enter_lazy_tlb(mm, current);	688	enter_lazy_tlb(mm, current);
690	/* We don't want this task to be frozen prematurely */	689	/* We don't want this task to be frozen prematurely */
691	clear_freeze_flag(tsk);	690	clear_freeze_flag(tsk);
		691	if (tsk->signal->oom_score_adj == OOM_SCORE_ADJ_MIN)
		692	atomic_dec(&mm->oom_disable_count);
692	task_unlock(tsk);	693	task_unlock(tsk);
693	mm_update_next_owner(mm);	694	mm_update_next_owner(mm);
694	mmput(mm);	695	mmput(mm);
@@ -702,6 +703,8 @@ static void exit_mm(struct task_struct * tsk)
702	* space.	703	* space.
703	*/	704	*/
704	static struct task_struct find_new_reaper(struct task_struct father)	705	static struct task_struct find_new_reaper(struct task_struct father)
		706	__releases(&tasklist_lock)
		707	__acquires(&tasklist_lock)
705	{	708	{
706	struct pid_namespace *pid_ns = task_active_pid_ns(father);	709	struct pid_namespace *pid_ns = task_active_pid_ns(father);
707	struct task_struct *thread;	710	struct task_struct *thread;
@@ -771,9 +774,12 @@ static void forget_original_parent(struct task_struct *father)
771	struct task_struct p, n, *reaper;	774	struct task_struct p, n, *reaper;
772	LIST_HEAD(dead_children);	775	LIST_HEAD(dead_children);
773		776
774	exit_ptrace(father);
775
776	write_lock_irq(&tasklist_lock);	777	write_lock_irq(&tasklist_lock);
		778	/*
		779	* Note that exit_ptrace() and find_new_reaper() might
		780	* drop tasklist_lock and reacquire it.
		781	*/
		782	exit_ptrace(father);
777	reaper = find_new_reaper(father);	783	reaper = find_new_reaper(father);
778		784
779	list_for_each_entry_safe(p, n, &father->children, sibling) {	785	list_for_each_entry_safe(p, n, &father->children, sibling) {
@@ -849,12 +855,9 @@ static void exit_notify(struct task_struct *tsk, int group_dead)
849		855
850	tsk->exit_state = signal == DEATH_REAP ? EXIT_DEAD : EXIT_ZOMBIE;	856	tsk->exit_state = signal == DEATH_REAP ? EXIT_DEAD : EXIT_ZOMBIE;
851		857
852	/* mt-exec, de_thread() is waiting for us */	858	/* mt-exec, de_thread() is waiting for group leader */
853	if (thread_group_leader(tsk) &&	859	if (unlikely(tsk->signal->notify_count < 0))
854	tsk->signal->group_exit_task &&
855	tsk->signal->notify_count < 0)
856	wake_up_process(tsk->signal->group_exit_task);	860	wake_up_process(tsk->signal->group_exit_task);
857
858	write_unlock_irq(&tasklist_lock);	861	write_unlock_irq(&tasklist_lock);
859		862
860	tracehook_report_death(tsk, signal, cookie, group_dead);	863	tracehook_report_death(tsk, signal, cookie, group_dead);
@@ -944,7 +947,9 @@ NORET_TYPE void do_exit(long code)
944	preempt_count());	947	preempt_count());
945		948
946	acct_update_integrals(tsk);	949	acct_update_integrals(tsk);
947		950	/* sync mm's RSS info before statistics gathering */
		951	if (tsk->mm)
		952	sync_mm_rss(tsk, tsk->mm);
948	group_dead = atomic_dec_and_test(&tsk->signal->live);	953	group_dead = atomic_dec_and_test(&tsk->signal->live);
949	if (group_dead) {	954	if (group_dead) {
950	hrtimer_cancel(&tsk->signal->real_timer);	955	hrtimer_cancel(&tsk->signal->real_timer);
@@ -993,8 +998,10 @@ NORET_TYPE void do_exit(long code)
993		998
994	exit_notify(tsk, group_dead);	999	exit_notify(tsk, group_dead);
995	#ifdef CONFIG_NUMA	1000	#ifdef CONFIG_NUMA
		1001	task_lock(tsk);
996	mpol_put(tsk->mempolicy);	1002	mpol_put(tsk->mempolicy);
997	tsk->mempolicy = NULL;	1003	tsk->mempolicy = NULL;
		1004	task_unlock(tsk);
998	#endif	1005	#endif
999	#ifdef CONFIG_FUTEX	1006	#ifdef CONFIG_FUTEX
1000	if (unlikely(current->pi_state_cache))	1007	if (unlikely(current->pi_state_cache))
@@ -1180,7 +1187,7 @@ static int wait_task_zombie(struct wait_opts wo, struct task_struct p)
1180		1187
1181	if (unlikely(wo->wo_flags & WNOWAIT)) {	1188	if (unlikely(wo->wo_flags & WNOWAIT)) {
1182	int exit_code = p->exit_code;	1189	int exit_code = p->exit_code;
1183	int why, status;	1190	int why;
1184		1191
1185	get_task_struct(p);	1192	get_task_struct(p);
1186	read_unlock(&tasklist_lock);	1193	read_unlock(&tasklist_lock);
@@ -1382,8 +1389,7 @@ static int wait_task_stopped(struct wait_opts *wo,
1382	if (!unlikely(wo->wo_flags & WNOWAIT))	1389	if (!unlikely(wo->wo_flags & WNOWAIT))
1383	*p_code = 0;	1390	*p_code = 0;
1384		1391
1385	/* don't need the RCU readlock here as we're holding a spinlock */	1392	uid = task_uid(p);
1386	uid = __task_cred(p)->uid;
1387	unlock_sig:	1393	unlock_sig:
1388	spin_unlock_irq(&p->sighand->siglock);	1394	spin_unlock_irq(&p->sighand->siglock);
1389	if (!exit_code)	1395	if (!exit_code)
@@ -1456,7 +1462,7 @@ static int wait_task_continued(struct wait_opts wo, struct task_struct p)
1456	}	1462	}
1457	if (!unlikely(wo->wo_flags & WNOWAIT))	1463	if (!unlikely(wo->wo_flags & WNOWAIT))
1458	p->signal->flags &= ~SIGNAL_STOP_CONTINUED;	1464	p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
1459	uid = __task_cred(p)->uid;	1465	uid = task_uid(p);
1460	spin_unlock_irq(&p->sighand->siglock);	1466	spin_unlock_irq(&p->sighand->siglock);
1461		1467
1462	pid = task_pid_vnr(p);	1468	pid = task_pid_vnr(p);