Rafael, I am trying to understand try_to_freeze_tasks(), and I have a couple of questions.
    static inline int is_user_space(struct task_struct *p)
    {
        return p->mm && !(p->flags & PF_BORROWED_MM);
    }

This doesn't look right. First, an exiting task has ->mm == NULL after do_exit()->exit_mm(). Probably not a problem. However, the PF_BORROWED_MM check is racy without task_lock(), so we can have a false positive as well. Is it ok? We can freeze aio_wq prematurely.

try_to_freeze_tasks:

    do_each_thread(g, p) {
        if (p->state == TASK_TRACED && frozen(p->parent)) {

Why are we doing this check outside of "if (is_user_space(p))"? Not a bug of course, but looks strange.

            cancel_freezing(p);
            continue;

Is it right? Shouldn't we increment the "todo" counter?

        }

        if (is_user_space(p)) {
            if (!freeze_user_space)
                continue;

            /* Freeze the task unless there is a vfork
             * completion pending */
            if (!p->vfork_done)
                freeze_process(p);

Racy. do_fork(CLONE_VFORK) first does copy_process(), which puts 'p' on the task list and unlocks tasklist_lock. This means that 'p' is visible to try_to_freeze_tasks(), and p->vfork_done == NULL. try_to_freeze_tasks() sets TIF_FREEZE.

Now, do_fork() continues, sets ->vfork_done, p goes to user space, notices the fake signal and goes to the refrigerator while its parent is blocked on "struct completion vfork". Freezing failed.

So, shouldn't we do

    if (p->vfork_done)
        cancel_freezing(p);

instead?

Thanks,
Oleg.