LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: ebiederm@xmission.com (Eric W. Biederman)
To: paulmck@linux.vnet.ibm.com
Cc: Oleg Nesterov <oleg@tv-sign.ru>,
	Andrew Morton <akpm@linux-foundation.org>,
	Ingo Molnar <mingo@elte.hu>, Pavel Emelyanov <xemul@openvz.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fix tasklist + find_pid() with CONFIG_PREEMPT_RCU
Date: Wed, 30 Jan 2008 02:20:02 -0700	[thread overview]
Message-ID: <m163xbhdq5.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <20080130050048.GH12073@linux.vnet.ibm.com> (Paul E. McKenney's message of "Tue, 29 Jan 2008 21:00:48 -0800")

"Paul E. McKenney" <paulmck@linux.vnet.ibm.com> writes:

> On Tue, Jan 29, 2008 at 08:24:17PM -0700, Eric W. Biederman wrote:
>> Oleg Nesterov <oleg@tv-sign.ru> writes:
>> 
>> > With CONFIG_PREEMPT_RCU read_lock(tasklist_lock) doesn't imply
> rcu_read_lock(),
>> > but find_pid_ns()->hlist_for_each_entry_rcu() should be safe under tasklist.
>> >
>> > Usually it is, detach_pid() is always called under
> write_lock(tasklist_lock),
>> > but copy_process() calls free_pid() lockless.
>> >
>> > "#ifdef CONFIG_PREEMPT_RCU" is added mostly as documentation, perhaps it is
>> > too ugly and should be removed.
>> >
>> > Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
>> >
>> > --- MM/kernel/fork.c~PR_RCU	2008-01-27 17:09:47.000000000 +0300
>> > +++ MM/kernel/fork.c	2008-01-29 19:23:44.000000000 +0300
>> > @@ -1335,8 +1335,19 @@ static struct task_struct *copy_process(
>> >  	return p;
>> >  
>> >  bad_fork_free_pid:
>> > -	if (pid != &init_struct_pid)
>> > +	if (pid != &init_struct_pid) {
>> > +#ifdef CONFIG_PREEMPT_RCU
>> > +		/*
>> > +		 * read_lock(tasklist_lock) doesn't imply rcu_read_lock(),
>> > +		 * make sure find_pid() is safe under read_lock(tasklist).
>> > +		 */
>> > +		write_lock_irq(&tasklist_lock);
>> > +#endif
>> >  		free_pid(pid);
>> > +#ifdef CONFIG_PREEMPT_RCU
>> > +		write_unlock_irq(&tasklist_lock);
>> > +#endif
>> > +	}
>> >  bad_fork_cleanup_namespaces:
>> >  	exit_task_namespaces(p);
>> >  bad_fork_cleanup_keys:
>> 
>> Ok. I believe I see what problem you are trying to fix.  That
>> a pid returned from find_pid might disappear if we are not rcu
>> protected.
>> 
>> This patch in the simplest form is wrong because it is confusing.
>> 
>> We currently appear to have two options.
>> 1) Force all pid hash table access and pid accesses that
>>    do not get a count to be covered under rcu_read_lock.
>> 2) To modify the locking requirements for free_pid to require
>>    the tasklist_lock.
>> 
>>    However this second approach is horribly brittle, as it
>>    will break if we ever have intermediate entries in the
>>    hash table protected by pidmap_lock.
>> 
>> Using the tasklist_lock to still guarantee we see the list, the entire
>> list, and exactly the list for proper implementation of kill to
>> process groups and sessions still seems sane.
>> 
>> So let's just remove the guarantee of find_pid being usable with
>> just the tasklist_lock held.
>
> Makes sense to me -- it is totally permissible to hold rcu_read_lock()
> across update code.  ;-)

Let me rephrase so it is clear.

When dealing with pids there is exactly one case where we need
to take read_lock(&tasklist_lock);

Posix (and sanely handling corner cases) requires that when we send a
signal to a process group or a session we have a snapshot in time view
of the entire group.  In particular this allows us to send SIGKILL to
every member of the group and to have the entire group die.

For all other cases (like /proc) we can safely and simply use the
rcu_read_lock and it improves scalability.

So for those cases where we are sending a signal to multiple processes
it looks like we need to go in and change the code to say:

read_lock(&tasklist_lock);
rcu_read_lock();
...
rcu_read_unlock();
read_unlock(&tasklist_lock);

Which is all sane, and should be correct and maintainable in the
future and is relatively easy to understand.

Of course if we start with find_get_pid and then later do put_pid we
are also fine.  The current code is a little extra confused right now
because we have not completed the pid namespace conversion.  Although
we are getting quite close.

Eric



  reply	other threads:[~2008-01-30  9:25 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-29 16:40 Oleg Nesterov
2008-01-29 23:02 ` Andrew Morton
2008-01-30 14:17   ` Peter Zijlstra
2008-01-31 13:32   ` Ingo Molnar
2008-01-29 23:08 ` Andrew Morton
2008-01-30  2:16   ` Eric W. Biederman
2008-01-30  4:56     ` Paul E. McKenney
2008-01-30  3:24 ` Eric W. Biederman
2008-01-30  5:00   ` Paul E. McKenney
2008-01-30  9:20     ` Eric W. Biederman [this message]
2008-01-30  9:48       ` Oleg Nesterov
2008-01-30  9:30   ` Oleg Nesterov
2008-01-30 18:28     ` Eric W. Biederman
2008-01-31  9:31       ` Oleg Nesterov
2009-12-14  2:15 Tetsuo Handa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m163xbhdq5.fsf@ebiederm.dsl.xmission.com \
    --to=ebiederm@xmission.com \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=oleg@tv-sign.ru \
    --cc=paulmck@linux.vnet.ibm.com \
    --cc=xemul@openvz.org \
    --subject='Re: [PATCH] fix tasklist + find_pid() with CONFIG_PREEMPT_RCU' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).