Re: [PATCH 2/5] uprobes: suppress uprobe_munmap() from mmput()
From: Peter Zijlstra
Date: Mon Jul 09 2012 - 04:30:31 EST
On Sun, 2012-07-08 at 22:30 +0200, Oleg Nesterov wrote:
> uprobe_munmap() does get_user_pages() and it is also called from
> the final mmput()->exit_mmap() path. This slows down exit/mmput()
> for no reason, and I think it is simply dangerous/wrong to try to
> fault-in a page into the dying mm. If nothing else, this happens
> after the last sync_mm_rss(), afaics handle_mm_fault() can change
> the task->rss_stat and make the subsequent check_mm() unhappy.
>
> Change uprobe_munmap() to check mm->mm_users != 0.
>
> Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
> ---
> kernel/events/uprobes.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
> index a93b6df..47c4e24 100644
> --- a/kernel/events/uprobes.c
> +++ b/kernel/events/uprobes.c
> @@ -1082,6 +1082,9 @@ void uprobe_munmap(struct vm_area_struct *vma, unsigned long start, unsigned lon
> if (!atomic_read(&uprobe_events) || !valid_vma(vma, false))
> return;
>
> + if (!atomic_read(&vma->vm_mm->mm_users)) /* called by mmput() ? */
> + return;
> +
> if (!atomic_read(&vma->vm_mm->uprobes_state.count))
> return;
>
But won't you leak uprobe refcounts like this? Those aren't tied to the
task (which is dying) but to the vma's mapping the appropriate hunk of
the text. Not doing the munmap will then not put the uprobe->ref..
Or am I missing something here?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/