Freezer: avoid freezing kernel threads prematurely

Kernel threads should not have TIF_FREEZE set when user space processes are being frozen, since otherwise some of them might be frozen prematurely. To prevent this from happening we can (1) make exit_mm() unset TIF_FREEZE unconditionally just after clearing tsk->mm and (2) make try_to_freeze_tasks() check if p->mm is different from zero and PF_BORROWED_MM is unset in p->flags when user space processes are to be frozen. Namely, when user space processes are being frozen, we only should set TIF_FREEZE for tasks that have p->mm different from NULL and don't have PF_BORROWED_MM set in p->flags. For this reason task_lock() must be used to prevent try_to_freeze_tasks() from racing with use_mm()/unuse_mm(), in which p->mm and p->flags.PF_BORROWED_MM are changed under task_lock(p). Also, we need to prevent the following scenario from happening: * daemonize() is called by a task spawned from a user space code path * freezer checks if the task has p->mm set and the result is positive * task enters exit_mm() and clears its TIF_FREEZE * freezer sets TIF_FREEZE for the task * task calls try_to_freeze() and goes to the refrigerator, which is wrong at that point This requires us to acquire task_lock(p) before p->flags.PF_BORROWED_MM and p->mm are examined and release it after TIF_FREEZE is set for p (or it turns out that TIF_FREEZE should not be set). Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Gautham R Shenoy <ego@in.ibm.com> Cc: Pavel Machek <pavel@ucw.cz> Cc: Nigel Cunningham <nigel@nigel.suspend2.net> Cc: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Rafael J. Wysocki <rjw@sisk.pl> 2007-07-19 04:47:33 -0400
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-07-19 13:04:42 -0400
commit: 0c1eecfb345401629aa57c9d3b077273e56c45a7 (patch)
tree: 522d7090966c6e70f3147c30e3308781e0309938 /kernel/power/process.c
parent: b1457bcc3a00a0446c7f6e2f22fd24b6d8d0a309 (diff)
1 files changed, 33 insertions, 31 deletions
diff --git a/kernel/power/process.c b/kernel/power/process.c
index b850173e75..e1bcdedd14 100644
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
@@ -40,7 +40,7 @@ static inline void frozen_process(void)
                current->flags |= PF_FROZEN;
                wmb();
        }
-        clear_tsk_thread_flag(current, TIF_FREEZE);
+        clear_freeze_flag(current);
 }
 /* Refrigerator is place where frozen processes are stored :-). */
@@ -75,17 +75,16 @@ void refrigerator(void)
        current->state = save;
 }
-static inline void freeze_process(struct task_struct *p)
+static void freeze_task(struct task_struct *p)
 {
        unsigned long flags;
        if (!freezing(p)) {
                rmb();
                if (!frozen(p)) {
+                        set_freeze_flag(p);
                        if (p->state == TASK_STOPPED)
                                force_sig_specific(SIGSTOP, p);
-                        freeze(p);
                        spin_lock_irqsave(&p->sighand->siglock, flags);
                        signal_wake_up(p, p->state == TASK_STOPPED);
                        spin_unlock_irqrestore(&p->sighand->siglock, flags);
@@ -99,18 +98,13 @@ static void cancel_freezing(struct task_struct *p)
        if (freezing(p)) {
                pr_debug("  clean up: %s\n", p->comm);
-                do_not_freeze(p);
+                clear_freeze_flag(p);
                spin_lock_irqsave(&p->sighand->siglock, flags);
                recalc_sigpending_and_wake(p);
                spin_unlock_irqrestore(&p->sighand->siglock, flags);
        }
 }
-static inline int is_user_space(struct task_struct *p)
-{
-        return p->mm && !(p->flags & PF_BORROWED_MM);
-}
 static unsigned int try_to_freeze_tasks(int freeze_user_space)
 {
        struct task_struct *g, *p;
@@ -122,20 +116,34 @@ static unsigned int try_to_freeze_tasks(int freeze_user_space)
                todo = 0;
                read_lock(&tasklist_lock);
                do_each_thread(g, p) {
-                        if (!freezeable(p))
+                        if (frozen(p) || !freezeable(p))
-                                continue;
-                        if (frozen(p))
                                continue;
-                        if (p->state == TASK_TRACED && frozen(p->parent)) {
+                        if (freeze_user_space) {
-                                cancel_freezing(p);
+                                if (p->state == TASK_TRACED &&
-                                continue;
+                                    frozen(p->parent)) {
+                                        cancel_freezing(p);
+                                        continue;
+                                }
+                                /*
+                                 * Kernel threads should not have TIF_FREEZE set
+                                 * at this point, so we must ensure that either
+                                 * p->mm is not NULL *and* PF_BORROWED_MM is
+                                 * unset, or TIF_FRREZE is left unset.
+                                 * The task_lock() is necessary to prevent races
+                                 * with exit_mm() or use_mm()/unuse_mm() from
+                                 * occuring.
+                                 */
+                                task_lock(p);
+                                if (!p->mm || (p->flags & PF_BORROWED_MM)) {
+                                        task_unlock(p);
+                                        continue;
+                                }
+                                freeze_task(p);
+                                task_unlock(p);
+                        } else {
+                                freeze_task(p);
                        }
-                        if (freeze_user_space && !is_user_space(p))
-                                continue;
-                        freeze_process(p);
                        if (!freezer_should_skip(p))
                                todo++;
                } while_each_thread(g, p);
@@ -152,22 +160,16 @@ static unsigned int try_to_freeze_tasks(int freeze_user_space)
                 * but it cleans up leftover PF_FREEZE requests.
                 */
                printk("\n");
-                printk(KERN_ERR "Stopping %s timed out after %d seconds "
+                printk(KERN_ERR "Freezing of %s timed out after %d seconds "
                                "(%d tasks refusing to freeze):\n",
-                                freeze_user_space ? "user space processes" :
+                                freeze_user_space ? "user space " : "tasks ",
-                                        "kernel threads",
                                TIMEOUT / HZ, todo);
                show_state();
                read_lock(&tasklist_lock);
                do_each_thread(g, p) {
-                        if (freeze_user_space && !is_user_space(p))
-                                continue;
                        task_lock(p);
-                        if (freezeable(p) && !frozen(p) &&
+                        if (freezing(p) && !freezer_should_skip(p))
-                            !freezer_should_skip(p))
                                printk(KERN_ERR " %s\n", p->comm);
                        cancel_freezing(p);
                        task_unlock(p);
                } while_each_thread(g, p);
@@ -211,7 +213,7 @@ static void thaw_tasks(int thaw_user_space)
                if (!freezeable(p))
                        continue;
-                if (is_user_space(p) == !thaw_user_space)
+                if (!p->mm == thaw_user_space)
                        continue;
                thaw_process(p);
author	Rafael J. Wysocki <rjw@sisk.pl>	2007-07-19 04:47:33 -0400
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-07-19 13:04:42 -0400
commit	0c1eecfb345401629aa57c9d3b077273e56c45a7 (patch)
tree	522d7090966c6e70f3147c30e3308781e0309938 /kernel/power/process.c
parent	b1457bcc3a00a0446c7f6e2f22fd24b6d8d0a309 (diff)