| Message ID | 20200124114017.8363-2-mkoutny@suse.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 9c974c77246460fa6a92c18554c3311c8c83c160 |
| Headers | show |
| Series | [v2,1/3] cgroup: Iterate tasks that did not finish do_exit() | expand |
On Fri, Jan 24, 2020 at 3:40 AM Michal Koutný <mkoutny@suse.com> wrote: > > PF_EXITING is set earlier than actual removal from css_set when a task > is exitting. This can confuse cgroup.procs readers who see no PF_EXITING > tasks, however, rmdir is checking against css_set membership so it can > transitionally fail with EBUSY. > > Fix this by listing tasks that weren't unlinked from css_set active > lists. > It may happen that other users of the task iterator (without > CSS_TASK_ITER_PROCS) spot a PF_EXITING task before cgroup_exit(). This > is equal to the state before commit c03cd7738a83 ("cgroup: Include dying > leaders with live threads in PROCS iterations") but it may be reviewed > later. > > Reported-by: Suren Baghdasaryan <surenb@google.com> > Fixes: c03cd7738a83 ("cgroup: Include dying leaders with live threads in PROCS iterations") > Signed-off-by: Michal Koutný <mkoutny@suse.com> > --- > include/linux/cgroup.h | 1 + > kernel/cgroup/cgroup.c | 23 ++++++++++++++++------- > 2 files changed, 17 insertions(+), 7 deletions(-) > > diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h > index d7ddebd0cdec..e75d2191226b 100644 > --- a/include/linux/cgroup.h > +++ b/include/linux/cgroup.h > @@ -62,6 +62,7 @@ struct css_task_iter { > struct list_head *mg_tasks_head; > struct list_head *dying_tasks_head; > > + struct list_head *cur_tasks_head; > struct css_set *cur_cset; > struct css_set *cur_dcset; > struct task_struct *cur_task; > diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c > index 735af8f15f95..a6e3619e013b 100644 > --- a/kernel/cgroup/cgroup.c > +++ b/kernel/cgroup/cgroup.c > @@ -4404,12 +4404,16 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) > } > } while (!css_set_populated(cset) && list_empty(&cset->dying_tasks)); > > - if (!list_empty(&cset->tasks)) > + if (!list_empty(&cset->tasks)) { > it->task_pos = cset->tasks.next; > - else if (!list_empty(&cset->mg_tasks)) > + it->cur_tasks_head = &cset->tasks; > + } else if (!list_empty(&cset->mg_tasks)) { > it->task_pos = cset->mg_tasks.next; > - else > + it->cur_tasks_head = &cset->mg_tasks; > + } else { > it->task_pos = cset->dying_tasks.next; > + it->cur_tasks_head = &cset->dying_tasks; > + } > > it->tasks_head = &cset->tasks; > it->mg_tasks_head = &cset->mg_tasks; > @@ -4467,10 +4471,14 @@ static void css_task_iter_advance(struct css_task_iter *it) > else > it->task_pos = it->task_pos->next; > > - if (it->task_pos == it->tasks_head) > + if (it->task_pos == it->tasks_head) { > it->task_pos = it->mg_tasks_head->next; > - if (it->task_pos == it->mg_tasks_head) > + it->cur_tasks_head = it->mg_tasks_head; > + } > + if (it->task_pos == it->mg_tasks_head) { > it->task_pos = it->dying_tasks_head->next; > + it->cur_tasks_head = it->dying_tasks_head; > + } > if (it->task_pos == it->dying_tasks_head) > css_task_iter_advance_css_set(it); > } else { > @@ -4489,11 +4497,12 @@ static void css_task_iter_advance(struct css_task_iter *it) > goto repeat; > > /* and dying leaders w/o live member threads */ > - if (!atomic_read(&task->signal->live)) > + if (it->cur_tasks_head == it->dying_tasks_head && > + !atomic_read(&task->signal->live)) > goto repeat; > } else { > /* skip all dying ones */ > - if (task->flags & PF_EXITING) > + if (it->cur_tasks_head == it->dying_tasks_head) > goto repeat; > } > } > -- > 2.24.1 > Tested-by: Suren Baghdasaryan <surenb@google.com> Thanks!
On Fri, Jan 24, 2020 at 2:56 PM Suren Baghdasaryan <surenb@google.com> wrote: > > On Fri, Jan 24, 2020 at 3:40 AM Michal Koutný <mkoutny@suse.com> wrote: > > > > PF_EXITING is set earlier than actual removal from css_set when a task > > is exitting. This can confuse cgroup.procs readers who see no PF_EXITING > > tasks, however, rmdir is checking against css_set membership so it can > > transitionally fail with EBUSY. > > > > Fix this by listing tasks that weren't unlinked from css_set active > > lists. > > It may happen that other users of the task iterator (without > > CSS_TASK_ITER_PROCS) spot a PF_EXITING task before cgroup_exit(). This > > is equal to the state before commit c03cd7738a83 ("cgroup: Include dying > > leaders with live threads in PROCS iterations") but it may be reviewed > > later. > > > > Reported-by: Suren Baghdasaryan <surenb@google.com> > > Fixes: c03cd7738a83 ("cgroup: Include dying leaders with live threads in PROCS iterations") > > Signed-off-by: Michal Koutný <mkoutny@suse.com> > > --- > > include/linux/cgroup.h | 1 + > > kernel/cgroup/cgroup.c | 23 ++++++++++++++++------- > > 2 files changed, 17 insertions(+), 7 deletions(-) > > > > diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h > > index d7ddebd0cdec..e75d2191226b 100644 > > --- a/include/linux/cgroup.h > > +++ b/include/linux/cgroup.h > > @@ -62,6 +62,7 @@ struct css_task_iter { > > struct list_head *mg_tasks_head; > > struct list_head *dying_tasks_head; > > > > + struct list_head *cur_tasks_head; > > struct css_set *cur_cset; > > struct css_set *cur_dcset; > > struct task_struct *cur_task; > > diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c > > index 735af8f15f95..a6e3619e013b 100644 > > --- a/kernel/cgroup/cgroup.c > > +++ b/kernel/cgroup/cgroup.c > > @@ -4404,12 +4404,16 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) > > } > > } while (!css_set_populated(cset) && list_empty(&cset->dying_tasks)); > > > > - if (!list_empty(&cset->tasks)) > > + if (!list_empty(&cset->tasks)) { > > it->task_pos = cset->tasks.next; > > - else if (!list_empty(&cset->mg_tasks)) > > + it->cur_tasks_head = &cset->tasks; > > + } else if (!list_empty(&cset->mg_tasks)) { > > it->task_pos = cset->mg_tasks.next; > > - else > > + it->cur_tasks_head = &cset->mg_tasks; > > + } else { > > it->task_pos = cset->dying_tasks.next; > > + it->cur_tasks_head = &cset->dying_tasks; > > + } > > > > it->tasks_head = &cset->tasks; > > it->mg_tasks_head = &cset->mg_tasks; > > @@ -4467,10 +4471,14 @@ static void css_task_iter_advance(struct css_task_iter *it) > > else > > it->task_pos = it->task_pos->next; > > > > - if (it->task_pos == it->tasks_head) > > + if (it->task_pos == it->tasks_head) { > > it->task_pos = it->mg_tasks_head->next; > > - if (it->task_pos == it->mg_tasks_head) > > + it->cur_tasks_head = it->mg_tasks_head; > > + } > > + if (it->task_pos == it->mg_tasks_head) { > > it->task_pos = it->dying_tasks_head->next; > > + it->cur_tasks_head = it->dying_tasks_head; > > + } > > if (it->task_pos == it->dying_tasks_head) > > css_task_iter_advance_css_set(it); > > } else { > > @@ -4489,11 +4497,12 @@ static void css_task_iter_advance(struct css_task_iter *it) > > goto repeat; > > > > /* and dying leaders w/o live member threads */ > > - if (!atomic_read(&task->signal->live)) > > + if (it->cur_tasks_head == it->dying_tasks_head && > > + !atomic_read(&task->signal->live)) > > goto repeat; > > } else { > > /* skip all dying ones */ > > - if (task->flags & PF_EXITING) > > + if (it->cur_tasks_head == it->dying_tasks_head) > > goto repeat; > > } > > } > > -- > > 2.24.1 > > > > Tested-by: Suren Baghdasaryan <surenb@google.com> > > Thanks! Hi Folks, If this new version looks good could we get an Ack please? I need to start backporting this fix to Android and would like a confirmation before doing so. Thanks!
On Fri, Jan 24, 2020 at 12:40:15PM +0100, Michal Koutný wrote: > PF_EXITING is set earlier than actual removal from css_set when a task > is exitting. This can confuse cgroup.procs readers who see no PF_EXITING > tasks, however, rmdir is checking against css_set membership so it can > transitionally fail with EBUSY. > > Fix this by listing tasks that weren't unlinked from css_set active > lists. > It may happen that other users of the task iterator (without > CSS_TASK_ITER_PROCS) spot a PF_EXITING task before cgroup_exit(). This > is equal to the state before commit c03cd7738a83 ("cgroup: Include dying > leaders with live threads in PROCS iterations") but it may be reviewed > later. > > Reported-by: Suren Baghdasaryan <surenb@google.com> > Fixes: c03cd7738a83 ("cgroup: Include dying leaders with live threads in PROCS iterations") > Signed-off-by: Michal Koutný <mkoutny@suse.com> Applied to cgroup/for-5.6-fixes. Thanks.
diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h index d7ddebd0cdec..e75d2191226b 100644 --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -62,6 +62,7 @@ struct css_task_iter { struct list_head *mg_tasks_head; struct list_head *dying_tasks_head; + struct list_head *cur_tasks_head; struct css_set *cur_cset; struct css_set *cur_dcset; struct task_struct *cur_task; diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 735af8f15f95..a6e3619e013b 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -4404,12 +4404,16 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) } } while (!css_set_populated(cset) && list_empty(&cset->dying_tasks)); - if (!list_empty(&cset->tasks)) + if (!list_empty(&cset->tasks)) { it->task_pos = cset->tasks.next; - else if (!list_empty(&cset->mg_tasks)) + it->cur_tasks_head = &cset->tasks; + } else if (!list_empty(&cset->mg_tasks)) { it->task_pos = cset->mg_tasks.next; - else + it->cur_tasks_head = &cset->mg_tasks; + } else { it->task_pos = cset->dying_tasks.next; + it->cur_tasks_head = &cset->dying_tasks; + } it->tasks_head = &cset->tasks; it->mg_tasks_head = &cset->mg_tasks; @@ -4467,10 +4471,14 @@ static void css_task_iter_advance(struct css_task_iter *it) else it->task_pos = it->task_pos->next; - if (it->task_pos == it->tasks_head) + if (it->task_pos == it->tasks_head) { it->task_pos = it->mg_tasks_head->next; - if (it->task_pos == it->mg_tasks_head) + it->cur_tasks_head = it->mg_tasks_head; + } + if (it->task_pos == it->mg_tasks_head) { it->task_pos = it->dying_tasks_head->next; + it->cur_tasks_head = it->dying_tasks_head; + } if (it->task_pos == it->dying_tasks_head) css_task_iter_advance_css_set(it); } else { @@ -4489,11 +4497,12 @@ static void css_task_iter_advance(struct css_task_iter *it) goto repeat; /* and dying leaders w/o live member threads */ - if (!atomic_read(&task->signal->live)) + if (it->cur_tasks_head == it->dying_tasks_head && + !atomic_read(&task->signal->live)) goto repeat; } else { /* skip all dying ones */ - if (task->flags & PF_EXITING) + if (it->cur_tasks_head == it->dying_tasks_head) goto repeat; } }
PF_EXITING is set earlier than actual removal from css_set when a task is exitting. This can confuse cgroup.procs readers who see no PF_EXITING tasks, however, rmdir is checking against css_set membership so it can transitionally fail with EBUSY. Fix this by listing tasks that weren't unlinked from css_set active lists. It may happen that other users of the task iterator (without CSS_TASK_ITER_PROCS) spot a PF_EXITING task before cgroup_exit(). This is equal to the state before commit c03cd7738a83 ("cgroup: Include dying leaders with live threads in PROCS iterations") but it may be reviewed later. Reported-by: Suren Baghdasaryan <surenb@google.com> Fixes: c03cd7738a83 ("cgroup: Include dying leaders with live threads in PROCS iterations") Signed-off-by: Michal Koutný <mkoutny@suse.com> --- include/linux/cgroup.h | 1 + kernel/cgroup/cgroup.c | 23 ++++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-)