From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752871AbcLHGeC (ORCPT ); Thu, 8 Dec 2016 01:34:02 -0500 Received: from outboundhk.mxmail.xiaomi.com ([207.226.244.122]:6708 "EHLO xiaomi.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750822AbcLHGeA (ORCPT ); Thu, 8 Dec 2016 01:34:00 -0500 From: =?utf-8?B?5bSU56uL6aOe?= To: "Rafael J. Wysocki" CC: "linux-kernel@vger.kernel.org" , "miklos@szeredi.hu" , "pavel@ucw.cz" , "len.brown@intel.com" , "linux-fsdevel@vger.kernel.org" , "viro@zeniv.linux.org.uk" , =?utf-8?B?5py06Iux5pWP?= , =?utf-8?B?5YiY5omN?= , Jiri Kosina , =?utf-8?B?5bSU56uL6aOe?= Subject: =?utf-8?B?562U5aSNOiBbUEFUQ0hdIGZ1c2U6IGZyZWV6aW5nIGFib3J0IHdoZW4gdXNl?= =?utf-8?B?IHdhaXRfZXZlbnRfa2lsbGFibGV7LF9leGNsdXNpdmV9KCku?= Thread-Topic: [PATCH] fuse: freezing abort when use wait_event_killable{,_exclusive}(). Thread-Index: AQHSTqYzG4MHdWOE4kWGFDmCGy2pcaD6+QyAgAKhRQQ= Date: Thu, 8 Dec 2016 06:31:20 +0000 Message-ID: <1481178779996.35846@xiaomi.com> References: <1480907985-1494-1-git-send-email-cuilifei@xiaomi.com>,<2611375.NpU9fySFZX@aspire.rjw.lan> In-Reply-To: <2611375.NpU9fySFZX@aspire.rjw.lan> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.237.10.122] Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by mail.home.local id uB86Y6eY022695 Hi Rafael, The fuse we used is without the commit "fuse: don't mess with blocking signals" committed by Al Viro. So we find the issue SIGBUS. In the page fault, trying to read page in fuse is interrupted, which will lead to SIGBUS issue. All Android platforms, include Android N, have the SIGUBS issue. All the SIGBUS issues are produced in the freezing process. In our Android platform, the root-cause of SIGBUS is : suspend procedure will set the signal pending flag(TIF_SIGPENDING) and then wake up the task which is TASK_INTERRUPTIBLE status . The request_wait_answer, which calls wait_event_interruptible, is interrupted and the fuse request is still in pending status, which leads to SIGBUS sent to caller. This issue can be reproduced by adding delays in funciton handle_read, which is in the Android sdcard daemon process. So we merge the commit "fuse: don't mess with blocking signals", which just use wait_event_killable{,_exclusive}(). It fix the SIGBUS issue. But the freezing will fail, because the freezing procedure cannot wake up the task which is in TASK_KILLABLE(TASK_WAKEKILL | TASK_UNINTERRUPTIBLE) status. And the suspend procedure will abort until the time is out. In this patch, we try to fix the issue mentioned above. > --- >   fs/fuse/dev.c           | 30 ++++++++++++++++++++++++++---- >   include/linux/freezer.h | 26 ++++++++++++++++++++++++++ >   2 files changed, 52 insertions(+), 4 deletions(-) > > diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c > index 70ea57c..e33a081 100644 > --- a/fs/fuse/dev.c > +++ b/fs/fuse/dev.c > @@ -19,6 +19,7 @@ >   #include >   #include >   #include > +#include >   >   MODULE_ALIAS_MISCDEV(FUSE_MINOR); >   MODULE_ALIAS("devname:fuse"); > @@ -99,6 +100,19 @@ void fuse_request_free(struct fuse_req *req) >         kmem_cache_free(fuse_req_cachep, req); >   } >   > +static void block_sigs(sigset_t *oldset) > +{ > +     sigset_t mask; > + > +     siginitsetinv(&mask, sigmask(SIGKILL)); > +     sigprocmask(SIG_BLOCK, &mask, oldset); > +} > + > +static void restore_sigs(sigset_t *oldset) > +{ > +     sigprocmask(SIG_SETMASK, oldset, NULL); > +} > + >   void __fuse_get_request(struct fuse_req *req) >   { >         atomic_inc(&req->count); > @@ -134,13 +148,18 @@ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages, >                                        bool for_background) >   { >         struct fuse_req *req; > +     sigset_t oldset; > +     int intr; >         int err; >         atomic_inc(&fc->num_waiting); >   >         if (fuse_block_alloc(fc, for_background)) { >                 err = -EINTR; > -             if (wait_event_killable_exclusive(fc->blocked_waitq, > -                             !fuse_block_alloc(fc, for_background))) > +             block_sigs(&oldset); > +             intr = wait_fatal_freezable(fc->blocked_waitq, > +                             !fuse_block_alloc(fc, for_background), true); > +             restore_sigs(&oldset); > +             if (intr) >                         goto out; >         } >         /* Matches smp_wmb() in fuse_set_initialized() */ > @@ -427,9 +446,12 @@ static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) >         } >   >         if (!test_bit(FR_FORCE, &req->flags)) { > +             sigset_t oldset; >                 /* Only fatal signals may interrupt this */ > -             err = wait_event_killable(req->waitq, > -                                     test_bit(FR_FINISHED, &req->flags)); > +             block_sigs(&oldset); > +             err = wait_fatal_freezable(req->waitq, > +                             test_bit(FR_FINISHED, &req->flags), false); > +             restore_sigs(&oldset); >                 if (!err) >                         return; >   > diff --git a/include/linux/freezer.h b/include/linux/freezer.h > index dd03e83..2504cd0 100644 > --- a/include/linux/freezer.h > +++ b/include/linux/freezer.h > @@ -256,6 +256,22 @@ static inline int freezable_schedule_hrtimeout_range(ktime_t *expires, >         __retval;                                                       \ >   }) >   > +#define wait_fatal_freezable(wq, condition, exclusive)                       \ > +({                                                                   \ > +     int __ret = 0;                                                  \ > +     do {                                                            \ > +             if (exclusive)                                          \ > +                     __ret = wait_event_interruptible_exclusive(wq,  \    //set the TASK_INTERRUPTIBLE > +                                                     condition);     \                        //can be waked up by suspend procedure > +             else                                                    \ > +                     __ret = wait_event_interruptible(wq,            \ > +                                                     condition);     \ > +             if (!__ret || fatal_signal_pending(current))            \           //check condition or there is fatal signal > +                     break;                                          \                        //if true, wait finish > +     } while (try_to_freeze());                                      \                  //if freezing is in effect, try to freeze the task > +     __ret;                                                          \ > +}) > + >   #else /* !CONFIG_FREEZER */ >   static inline bool frozen(struct task_struct *p) { return false; } >   static inline bool freezing(struct task_struct *p) { return false; } > @@ -296,6 +312,16 @@ static inline void set_freezable(void) {} >   #define wait_event_freezekillable_unsafe(wq, condition)                      \ >                 wait_event_killable(wq, condition) >   > +#define wait_fatal_freezable(wq, condition, exclusive)                       \ > +({                                                                   \ > +     int __ret = 0;                                                  \ > +     if (exclusive)                                                  \ > +             __ret = wait_event_killable_exclusive(wq, condition);   \ > +     else                                                            \ > +             __ret = wait_event_killable(wq, condition);             \ > +     __ret;                                                          \ > +}) > + >   #endif /* !CONFIG_FREEZER */ >   >   #endif       /* FREEZER_H_INCLUDED */ > Thanks. BR, ________________________________________ 发件人: Rafael J. Wysocki 发送时间: 2016年12月7日 6:15 收件人: 崔立飞 抄送: linux-kernel@vger.kernel.org; miklos@szeredi.hu; pavel@ucw.cz; len.brown@intel.com; linux-fsdevel@vger.kernel.org; viro@zeniv.linux.org.uk; 朴英敏; 刘才; Jiri Kosina 主题: Re: [PATCH] fuse: freezing abort when use wait_event_killable{,_exclusive}(). On Monday, December 05, 2016 11:19:45 AM cuilifei wrote: > Freezing process can abort when a client is waiting uninterruptibly > for a response. Add new macro wait_fatal_freezable to try to fix it. > > Signed-off-by: cuilifei I'm not a big fan of this to be honest. Do we really want to suspend the system (or freeze tasks for other reasons) if that happens? > --- >  fs/fuse/dev.c           | 30 ++++++++++++++++++++++++++---- >  include/linux/freezer.h | 26 ++++++++++++++++++++++++++ >  2 files changed, 52 insertions(+), 4 deletions(-) > > diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c > index 70ea57c..e33a081 100644 > --- a/fs/fuse/dev.c > +++ b/fs/fuse/dev.c > @@ -19,6 +19,7 @@ >  #include >  #include >  #include > +#include > >  MODULE_ALIAS_MISCDEV(FUSE_MINOR); >  MODULE_ALIAS("devname:fuse"); > @@ -99,6 +100,19 @@ void fuse_request_free(struct fuse_req *req) >       kmem_cache_free(fuse_req_cachep, req); >  } > > +static void block_sigs(sigset_t *oldset) > +{ > +     sigset_t mask; > + > +     siginitsetinv(&mask, sigmask(SIGKILL)); > +     sigprocmask(SIG_BLOCK, &mask, oldset); > +} > + > +static void restore_sigs(sigset_t *oldset) > +{ > +     sigprocmask(SIG_SETMASK, oldset, NULL); > +} > + >  void __fuse_get_request(struct fuse_req *req) >  { >       atomic_inc(&req->count); > @@ -134,13 +148,18 @@ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages, >                                      bool for_background) >  { >       struct fuse_req *req; > +     sigset_t oldset; > +     int intr; >       int err; >       atomic_inc(&fc->num_waiting); > >       if (fuse_block_alloc(fc, for_background)) { >               err = -EINTR; > -             if (wait_event_killable_exclusive(fc->blocked_waitq, > -                             !fuse_block_alloc(fc, for_background))) > +             block_sigs(&oldset); > +             intr = wait_fatal_freezable(fc->blocked_waitq, > +                             !fuse_block_alloc(fc, for_background), true); > +             restore_sigs(&oldset); > +             if (intr) >                       goto out; >       } >       /* Matches smp_wmb() in fuse_set_initialized() */ > @@ -427,9 +446,12 @@ static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) >       } > >       if (!test_bit(FR_FORCE, &req->flags)) { > +             sigset_t oldset; >               /* Only fatal signals may interrupt this */ > -             err = wait_event_killable(req->waitq, > -                                     test_bit(FR_FINISHED, &req->flags)); > +             block_sigs(&oldset); > +             err = wait_fatal_freezable(req->waitq, > +                             test_bit(FR_FINISHED, &req->flags), false); > +             restore_sigs(&oldset); >               if (!err) >                       return; > > diff --git a/include/linux/freezer.h b/include/linux/freezer.h > index dd03e83..2504cd0 100644 > --- a/include/linux/freezer.h > +++ b/include/linux/freezer.h > @@ -256,6 +256,22 @@ static inline int freezable_schedule_hrtimeout_range(ktime_t *expires, >       __retval;                                                       \ >  }) > > +#define wait_fatal_freezable(wq, condition, exclusive)                       \ > +({                                                                   \ > +     int __ret = 0;                                                  \ > +     do {                                                            \ > +             if (exclusive)                                          \ > +                     __ret = wait_event_interruptible_exclusive(wq,  \ > +                                                     condition);     \ > +             else                                                    \ > +                     __ret = wait_event_interruptible(wq,            \ > +                                                     condition);     \ > +             if (!__ret || fatal_signal_pending(current))            \ > +                     break;                                          \ > +     } while (try_to_freeze());                                      \ > +     __ret;                                                          \ > +}) > + >  #else /* !CONFIG_FREEZER */ >  static inline bool frozen(struct task_struct *p) { return false; } >  static inline bool freezing(struct task_struct *p) { return false; } > @@ -296,6 +312,16 @@ static inline void set_freezable(void) {} >  #define wait_event_freezekillable_unsafe(wq, condition)                      \ >               wait_event_killable(wq, condition) > > +#define wait_fatal_freezable(wq, condition, exclusive)                       \ > +({                                                                   \ > +     int __ret = 0;                                                  \ > +     if (exclusive)                                                  \ > +             __ret = wait_event_killable_exclusive(wq, condition);   \ > +     else                                                            \ > +             __ret = wait_event_killable(wq, condition);             \ > +     __ret;                                                          \ > +}) > + >  #endif /* !CONFIG_FREEZER */ > >  #endif       /* FREEZER_H_INCLUDED */ > Thanks, Rafael