linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Michal Koutný" <mkoutny@suse.com>
To: Zhang Qiao <zhangqiao22@huawei.com>
Cc: Tejun Heo <tj@kernel.org>,
	lizefan.x@bytedance.com, hannes@cmpxchg.org,
	cgroups@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Question] set_cpus_allowed_ptr() call failed at cpuset_attach()
Date: Thu, 20 Jan 2022 15:02:22 +0100	[thread overview]
Message-ID: <20220120140222.GA27269@blackbody.suse.cz> (raw)
In-Reply-To: <ff49c096-39d9-4215-5b4f-8af2fd7c0c91@huawei.com>

On Thu, Jan 20, 2022 at 03:14:22PM +0800, Zhang Qiao <zhangqiao22@huawei.com> wrote:
> i think the troublesome scenario as follows:
>      cpuset_can_attach
>        down_read(cpuset_rwsem)
>          // check all migratees
>        up_read(cpuset_rwsem)
>                                        			[ _cpu_down / cpuhp_setup_state ]
>      cpuset_attach
>       	down_write(cpuset_rwsem)
> 	guarantee_online_cpus() // (load cpus_attach)
> 	     						sched_cpu_deactivate
> 							  set_cpu_active(cpu, false)  // will change cpu_active_mask
>         set_cpus_allowed_ptr(cpus_attach)
> 	   __set_cpus_allowed_ptr_locked()
> 	     // (if the intersection of cpus_attach and
> 	      cpu_active_mask is empty, will return -EINVAL)
>        up_write(cpuset_rwsem)
> 	                                     		schedule_work
>         	                               		...
>                 	                       		cpuset_hotplug_update_tasks
>                         	                	 down_write(cpuset_rwsem)
> 	                                	         up_write(cpuset_rwsem)
> 		                                       ... flush_work
>         		                               [ _cpu_down / cpu_up_down_serialize_trainwrecks ]

Thanks, a locking loophole indeed.

FTR, meanwhile I noticed: a) cpuset_fork() looks buggy when
CLONE_INTO_CGROUP (and dst.cpus != src.cpus), b) it'd be affected with
similar hotplug race.

Michal

  reply	other threads:[~2022-01-20 14:02 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <09ce5796-798e-83d0-f1a6-ba38a787bfc5@huawei.com>
2022-01-14  1:15 ` [Question] set_cpus_allowed_ptr() call failed at cpuset_attach() Zhang Qiao
2022-01-14 16:20   ` Tejun Heo
2022-01-14 20:33     ` Waiman Long
2022-01-17  2:25       ` Zhang Qiao
2022-01-17  4:35         ` Waiman Long
2022-01-17  6:27           ` Zhang Qiao
2022-01-17  6:25     ` Zhang Qiao
2022-01-19 13:02   ` Michal Koutný
2022-01-20  7:14     ` Zhang Qiao
2022-01-20 14:02       ` Michal Koutný [this message]
2022-01-21  8:33         ` Zhang Qiao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220120140222.GA27269@blackbody.suse.cz \
    --to=mkoutny@suse.com \
    --cc=cgroups@vger.kernel.org \
    --cc=hannes@cmpxchg.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lizefan.x@bytedance.com \
    --cc=tj@kernel.org \
    --cc=zhangqiao22@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).