Re: [PATCH -tip] cpuacct: Make cpuacct hierarchy walk in cpuacct_charge() safe when rcupreempt is used.
From: Balbir Singh
Date: Tue Mar 17 2009 - 22:59:59 EST
* Li Zefan <lizf@xxxxxxxxxxxxxx> [2009-03-18 09:40:44]:
> Balbir Singh wrote:
> > * Li Zefan <lizf@xxxxxxxxxxxxxx> [2009-03-17 14:28:11]:
> >
> >> Bharata B Rao wrote:
> >>> cpuacct: Make cpuacct hierarchy walk in cpuacct_charge() safe when
> >>> rcupreempt is used.
> >>>
> >>> cpuacct_charge() obtains task's ca and does a hierarchy walk upwards.
> >>> This can race with the task's movement between cgroups. This race
> >>> can cause an access to freed ca pointer in cpuacct_charge(). This will not
> >> Actually it can also end up accessing an invalid tsk->cgroups. ;)
> >>
> >> get tsk->cgroups (cg)
> >> (move tsk to another cgroup) or (tsk exiting)
> >> -> kfree(tsk->cgroups)
> >> get cg->subsys[..]
> >>
> >
> > That problem should only occur if we dereference tsk->cgroups
> > separately and then use that to dereference cg->subsys. Since we use
>
> Do you mean tsk->cgroups->subsys is safe and
> cg = tsk->cgroups;...; cg->subsys is unsafe ?
> This is wrong.
Without rcu_read_lock/unlock they are unsafe. Even with the lock, we
need to use rcu_dereference() to make sure we get consistent values.
>
> > task_subsys_state() and that is RCU safe, we should be OK.
> >
>
> Yes, it's RCU safe, which means it's unsafe without rcu_read_lock/unlock.
>
Yes, I meant under rcu_read_lock/unlock.
--
Balbir
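
The interleaving listed in the quoted text (get tsk->cgroups, task moves and the old object is freed, then cg->subsys is read), replayed as an added example that is not code from this thread or from the kernel: a toy single-threaded C model in which an open read-side section defers reclamation. The `toy_*` helpers, `charge_races()` and the `freed` flag are hypothetical stand-ins for rcu_read_lock()/rcu_read_unlock(), rcu_dereference() and kfree().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy single-threaded model of deferred reclamation; NOT the kernel's RCU. */
struct css_set { int subsys_val; bool freed; };   /* stands in for tsk->cgroups */
struct task { _Atomic(struct css_set *) cgroups; };

static int readers;              /* read-side critical sections in flight */
static struct css_set *pending;  /* retired object waiting for readers to leave */

static void toy_reclaim(void) {
    if (readers == 0 && pending) {
        pending->freed = true;   /* models kfree(); flag avoids a real use-after-free */
        pending = NULL;
    }
}
static void toy_rcu_read_lock(void)   { readers++; }
static void toy_rcu_read_unlock(void) { readers--; toy_reclaim(); }

/* Writer side: attach the task to a new css_set and retire the old one. */
static void toy_move_task(struct task *t, struct css_set *new_cg) {
    struct css_set *old = atomic_exchange(&t->cgroups, new_cg);
    pending = old;
    toy_reclaim();               /* frees at once only if no reader is active */
}

/* Replays the quoted interleaving. Returns true if cg had already been
 * "freed" at the point where the reader goes on to use cg->subsys. */
static bool charge_races(bool use_read_lock) {
    struct css_set a = { 1, false }, b = { 2, false };
    struct task t;
    atomic_init(&t.cgroups, &a);
    if (use_read_lock) toy_rcu_read_lock();
    struct css_set *cg = atomic_load_explicit(&t.cgroups, memory_order_acquire); /* role of rcu_dereference() */
    toy_move_task(&t, &b);       /* (move tsk to another cgroup) -> kfree(old) */
    bool stale = cg->freed;      /* get cg->subsys[..] */
    if (use_read_lock) toy_rcu_read_unlock();
    return stale;
}

int main(void) {
    printf("no read lock:   stale=%d\n", charge_races(false));
    printf("with read lock: stale=%d\n", charge_races(true));
    return 0;
}
```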