Re: [RFC,PATCH 14/14] utrace core

From: Oleg Nesterov
Date: Wed Dec 02 2009 - 13:40:31 EST

Next message: Nick Piggin: "some recent scheduler patches"
Previous message: Chris Friesen: "question on type conversions in show_map_vma()"
In reply to: Roland McGrath: "Re: [RFC,PATCH 14/14] utrace core"
Next in thread: Oleg Nesterov: "Re: [RFC,PATCH 14/14] utrace core"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/01, Peter Zijlstra wrote:
>
> > +static inline __must_check int utrace_control_pid(
> > + struct pid *pid, struct utrace_engine *engine,
> > + enum utrace_resume_action action)
> > +{
> > + /*
> > + * We don't bother with rcu_read_lock() here to protect the
> > + * task_struct pointer, because utrace_control will return
> > + * -ESRCH without looking at that pointer if the engine is
> > + * already detached. A task_struct pointer can't die before
> > + * all the engines are detached in release_task() first.
> > + */
> > + struct task_struct *task = pid_task(pid, PIDTYPE_PID);
> > + return unlikely(!task) ? -ESRCH : utrace_control(task, engine, action);
> > +}
>
> Is that comment correct? Without rcu_read_lock() the pidhash can change
> under our feet and maybe cause funny things?

I already tried to answer, but I guess my email was not very clear. Let me
try again.

pid_task() by itself is safe, but yes, it is possible that utrace_control()
is called with target == NULL, or this task_task was already freed/reused.

utrace_control(target) path does not use target until it verifies it is
safe to dereference it.

get_utrace_lock() calls rcu_read_lock() and checks that engine->ops
is not cleared (NULL or utrace_detached_ops). If we see the valid ->ops
under rcu_read_lock() it is safe to dereference target, even if we race
with release_task() we know that it has not passed utrace_release_task()
yet, and thus we know call_rcu(delayed_put_task_struct) was not yet
called _before_ we took rcu_read_lock().

If it is safe to dereference target, we can take utrace->lock. Once
we take this lock (and re-check engine->ops) the task can't go away
until we drop it, get_utrace_lock() drops rcu lock and returns with
utrace->lock held.

utrace_control() can safely play with target under utrace->lock.

> > + /*
> > + * If this flag is still set it's because there was a signal
> > + * handler setup done but no report_signal following it. Clear
> > + * the flag before we get to user so it doesn't confuse us later.
> > + */
> > + if (unlikely(utrace->signal_handler)) {
> > + spin_lock(&utrace->lock);
> > + utrace->signal_handler = 0;
> > + spin_unlock(&utrace->lock);
> > + }
>
> OK, so maybe you get to explain why this works..

Missed this part yesterday.

Well. ->signal_handler is set by handle_signal() when the signal was
delivered to the tracee. This flag is checked by utrace_get_signal()
to detect the stepping. But we should not return to user-mode with
this flag set, that is why utrace_resume() clears it.

However. This reminds me we were going to try to simplify this logic,
I'll try to think about this.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nick Piggin: "some recent scheduler patches"
Previous message: Chris Friesen: "question on type conversions in show_map_vma()"
In reply to: Roland McGrath: "Re: [RFC,PATCH 14/14] utrace core"
Next in thread: Oleg Nesterov: "Re: [RFC,PATCH 14/14] utrace core"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]