2005-04-17 02:20:36 +04:00
/*
* linux / kernel / exit . c
*
* Copyright ( C ) 1991 , 1992 Linus Torvalds
*/
# include <linux/mm.h>
# include <linux/slab.h>
# include <linux/interrupt.h>
# include <linux/module.h>
2006-01-11 23:17:46 +03:00
# include <linux/capability.h>
2005-04-17 02:20:36 +04:00
# include <linux/completion.h>
# include <linux/personality.h>
# include <linux/tty.h>
2006-12-08 13:37:56 +03:00
# include <linux/mnt_namespace.h>
2008-06-30 22:42:08 +04:00
# include <linux/iocontext.h>
2005-04-17 02:20:36 +04:00
# include <linux/key.h>
# include <linux/security.h>
# include <linux/cpu.h>
# include <linux/acct.h>
2006-10-01 10:28:59 +04:00
# include <linux/tsacct_kern.h>
2005-04-17 02:20:36 +04:00
# include <linux/file.h>
2008-04-24 15:44:08 +04:00
# include <linux/fdtable.h>
2005-04-17 02:20:36 +04:00
# include <linux/binfmts.h>
2006-10-02 13:18:06 +04:00
# include <linux/nsproxy.h>
2006-12-08 13:38:01 +03:00
# include <linux/pid_namespace.h>
2005-04-17 02:20:36 +04:00
# include <linux/ptrace.h>
# include <linux/profile.h>
# include <linux/mount.h>
# include <linux/proc_fs.h>
2007-05-09 13:34:33 +04:00
# include <linux/kthread.h>
2005-04-17 02:20:36 +04:00
# include <linux/mempolicy.h>
2006-07-14 11:24:40 +04:00
# include <linux/taskstats_kern.h>
2006-07-14 11:24:36 +04:00
# include <linux/delayacct.h>
2007-07-17 15:03:35 +04:00
# include <linux/freezer.h>
2007-10-19 10:39:33 +04:00
# include <linux/cgroup.h>
2005-04-17 02:20:36 +04:00
# include <linux/syscalls.h>
2005-05-01 19:59:14 +04:00
# include <linux/signal.h>
2006-03-29 04:11:18 +04:00
# include <linux/posix-timers.h>
2005-11-07 11:59:16 +03:00
# include <linux/cn_proc.h>
2006-01-10 02:59:21 +03:00
# include <linux/mutex.h>
2006-03-27 13:16:22 +04:00
# include <linux/futex.h>
2006-04-11 15:52:07 +04:00
# include <linux/pipe_fs_i.h>
2006-03-30 05:30:19 +04:00
# include <linux/audit.h> /* for audit_free() */
2006-06-25 16:47:41 +04:00
# include <linux/resource.h>
2006-08-29 22:05:56 +04:00
# include <linux/blkdev.h>
2007-05-11 09:22:37 +04:00
# include <linux/task_io_accounting_ops.h>
2008-07-26 06:45:46 +04:00
# include <linux/tracehook.h>
2009-03-30 03:50:06 +04:00
# include <linux/fs_struct.h>
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 02:39:23 +03:00
# include <linux/init_task.h>
perf_counter: Dynamically allocate tasks' perf_counter_context struct
This replaces the struct perf_counter_context in the task_struct with
a pointer to a dynamically allocated perf_counter_context struct. The
main reason for doing is this is to allow us to transfer a
perf_counter_context from one task to another when we do lazy PMU
switching in a later patch.
This has a few side-benefits: the task_struct becomes a little smaller,
we save some memory because only tasks that have perf_counters attached
get a perf_counter_context allocated for them, and we can remove the
inclusion of <linux/perf_counter.h> in sched.h, meaning that we don't
end up recompiling nearly everything whenever perf_counter.h changes.
The perf_counter_context structures are reference-counted and freed
when the last reference is dropped. A context can have references
from its task and the counters on its task. Counters can outlive the
task so it is possible that a context will be freed well after its
task has exited.
Contexts are allocated on fork if the parent had a context, or
otherwise the first time that a per-task counter is created on a task.
In the latter case, we set the context pointer in the task struct
locklessly using an atomic compare-and-exchange operation in case we
raced with some other task in creating a context for the subject task.
This also removes the task pointer from the perf_counter struct. The
task pointer was not used anywhere and would make it harder to move a
context from one task to another. Anything that needed to know which
task a counter was attached to was already using counter->ctx->task.
The __perf_counter_init_context function moves up in perf_counter.c
so that it can be called from find_get_context, and now initializes
the refcount, but is otherwise unchanged.
We were potentially calling list_del_counter twice: once from
__perf_counter_exit_task when the task exits and once from
__perf_counter_remove_from_context when the counter's fd gets closed.
This adds a check in list_del_counter so it doesn't do anything if
the counter has already been removed from the lists.
Since perf_counter_task_sched_in doesn't do anything if the task doesn't
have a context, and leaves cpuctx->task_ctx = NULL, this adds code to
__perf_install_in_context to set cpuctx->task_ctx if necessary, i.e. in
the case where the current task adds the first counter to itself and
thus creates a context for itself.
This also adds similar code to __perf_counter_enable to handle a
similar situation which can arise when the counters have been disabled
using prctl; that also leaves cpuctx->task_ctx = NULL.
[ Impact: refactor counter context management to prepare for new feature ]
Signed-off-by: Paul Mackerras <paulus@samba.org>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
LKML-Reference: <18966.10075.781053.231153@cargo.ozlabs.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-05-22 08:17:31 +04:00
# include <linux/perf_counter.h>
2009-04-15 03:39:12 +04:00
# include <trace/events/sched.h>
2005-04-17 02:20:36 +04:00
# include <asm/uaccess.h>
# include <asm/unistd.h>
# include <asm/pgtable.h>
# include <asm/mmu_context.h>
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 02:39:23 +03:00
# include "cred-internals.h"
2005-04-17 02:20:36 +04:00
2005-05-01 19:59:29 +04:00
static void exit_mm ( struct task_struct * tsk ) ;
2005-04-17 02:20:36 +04:00
static void __unhash_process ( struct task_struct * p )
{
nr_threads - - ;
detach_pid ( p , PIDTYPE_PID ) ;
if ( thread_group_leader ( p ) ) {
detach_pid ( p , PIDTYPE_PGID ) ;
detach_pid ( p , PIDTYPE_SID ) ;
2006-03-29 04:11:06 +04:00
2006-04-19 09:20:16 +04:00
list_del_rcu ( & p - > tasks ) ;
2006-03-29 04:11:07 +04:00
__get_cpu_var ( process_counts ) - - ;
2005-04-17 02:20:36 +04:00
}
2006-03-29 04:11:25 +04:00
list_del_rcu ( & p - > thread_group ) ;
2008-03-25 04:36:23 +03:00
list_del_init ( & p - > sibling ) ;
2005-04-17 02:20:36 +04:00
}
2006-03-29 04:11:18 +04:00
/*
* This function expects the tasklist_lock write - locked .
*/
static void __exit_signal ( struct task_struct * tsk )
{
struct signal_struct * sig = tsk - > signal ;
struct sighand_struct * sighand ;
BUG_ON ( ! sig ) ;
BUG_ON ( ! atomic_read ( & sig - > count ) ) ;
sighand = rcu_dereference ( tsk - > sighand ) ;
spin_lock ( & sighand - > siglock ) ;
posix_cpu_timers_exit ( tsk ) ;
if ( atomic_dec_and_test ( & sig - > count ) )
posix_cpu_timers_exit_group ( tsk ) ;
else {
/*
* If there is any task waiting for the group exit
* then notify it :
*/
2007-10-17 10:27:23 +04:00
if ( sig - > group_exit_task & & atomic_read ( & sig - > count ) = = sig - > notify_count )
2006-03-29 04:11:18 +04:00
wake_up_process ( sig - > group_exit_task ) ;
2007-10-17 10:27:23 +04:00
2006-03-29 04:11:18 +04:00
if ( tsk = = sig - > curr_target )
sig - > curr_target = next_thread ( tsk ) ;
/*
* Accumulate here the counters for all threads but the
* group leader as they die , so they can be added into
* the process - wide totals when those are taken .
* The group leader stays around as a zombie as long
* as there are other threads . When it gets reaped ,
* the exit . c code will add its counts into these totals .
* We won ' t ever get here for the group leader , since it
* will have been the last reference on the signal_struct .
*/
2009-02-05 14:24:15 +03:00
sig - > utime = cputime_add ( sig - > utime , task_utime ( tsk ) ) ;
sig - > stime = cputime_add ( sig - > stime , task_stime ( tsk ) ) ;
2008-09-05 20:12:23 +04:00
sig - > gtime = cputime_add ( sig - > gtime , task_gtime ( tsk ) ) ;
2006-03-29 04:11:18 +04:00
sig - > min_flt + = tsk - > min_flt ;
sig - > maj_flt + = tsk - > maj_flt ;
sig - > nvcsw + = tsk - > nvcsw ;
sig - > nivcsw + = tsk - > nivcsw ;
2007-05-11 09:22:37 +04:00
sig - > inblock + = task_io_get_inblock ( tsk ) ;
sig - > oublock + = task_io_get_oublock ( tsk ) ;
2008-07-27 19:29:15 +04:00
task_io_accounting_add ( & sig - > ioac , & tsk - > ioac ) ;
2009-02-05 14:24:15 +03:00
sig - > sum_sched_runtime + = tsk - > se . sum_exec_runtime ;
2006-03-29 04:11:18 +04:00
sig = NULL ; /* Marker for below. */
}
2006-03-29 04:11:20 +04:00
__unhash_process ( tsk ) ;
2008-05-24 00:04:41 +04:00
/*
* Do this under - > siglock , we can race with another thread
* doing sigqueue_free ( ) if we have SIGQUEUE_PREALLOC signals .
*/
flush_sigqueue ( & tsk - > pending ) ;
2006-03-29 04:11:18 +04:00
tsk - > signal = NULL ;
2006-03-29 04:11:27 +04:00
tsk - > sighand = NULL ;
2006-03-29 04:11:18 +04:00
spin_unlock ( & sighand - > siglock ) ;
2006-03-29 04:11:27 +04:00
__cleanup_sighand ( sighand ) ;
2006-03-29 04:11:18 +04:00
clear_tsk_thread_flag ( tsk , TIF_SIGPENDING ) ;
if ( sig ) {
flush_sigqueue ( & sig - > shared_pending ) ;
2006-10-28 21:38:51 +04:00
taskstats_tgid_free ( sig ) ;
2008-11-10 17:39:30 +03:00
/*
* Make sure - > signal can ' t go away under rq - > lock ,
* see account_group_exec_runtime ( ) .
*/
task_rq_unlock_wait ( tsk ) ;
2006-03-29 04:11:18 +04:00
__cleanup_signal ( sig ) ;
}
}
2006-03-31 14:31:37 +04:00
static void delayed_put_task_struct ( struct rcu_head * rhp )
{
tracing, sched: LTTng instrumentation - scheduler
Instrument the scheduler activity (sched_switch, migration, wakeups,
wait for a task, signal delivery) and process/thread
creation/destruction (fork, exit, kthread stop). Actually, kthread
creation is not instrumented in this patch because it is architecture
dependent. It allows to connect tracers such as ftrace which detects
scheduling latencies, good/bad scheduler decisions. Tools like LTTng can
export this scheduler information along with instrumentation of the rest
of the kernel activity to perform post-mortem analysis on the scheduler
activity.
About the performance impact of tracepoints (which is comparable to
markers), even without immediate values optimizations, tests done by
Hideo Aoki on ia64 show no regression. His test case was using hackbench
on a kernel where scheduler instrumentation (about 5 events in code
scheduler code) was added. See the "Tracepoints" patch header for
performance result detail.
Changelog :
- Change instrumentation location and parameter to match ftrace
instrumentation, previously done with kernel markers.
[ mingo@elte.hu: conflict resolutions ]
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Acked-by: 'Peter Zijlstra' <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-18 20:16:17 +04:00
struct task_struct * tsk = container_of ( rhp , struct task_struct , rcu ) ;
2008-12-19 12:20:42 +03:00
# ifdef CONFIG_PERF_COUNTERS
perf_counter: Dynamically allocate tasks' perf_counter_context struct
This replaces the struct perf_counter_context in the task_struct with
a pointer to a dynamically allocated perf_counter_context struct. The
main reason for doing is this is to allow us to transfer a
perf_counter_context from one task to another when we do lazy PMU
switching in a later patch.
This has a few side-benefits: the task_struct becomes a little smaller,
we save some memory because only tasks that have perf_counters attached
get a perf_counter_context allocated for them, and we can remove the
inclusion of <linux/perf_counter.h> in sched.h, meaning that we don't
end up recompiling nearly everything whenever perf_counter.h changes.
The perf_counter_context structures are reference-counted and freed
when the last reference is dropped. A context can have references
from its task and the counters on its task. Counters can outlive the
task so it is possible that a context will be freed well after its
task has exited.
Contexts are allocated on fork if the parent had a context, or
otherwise the first time that a per-task counter is created on a task.
In the latter case, we set the context pointer in the task struct
locklessly using an atomic compare-and-exchange operation in case we
raced with some other task in creating a context for the subject task.
This also removes the task pointer from the perf_counter struct. The
task pointer was not used anywhere and would make it harder to move a
context from one task to another. Anything that needed to know which
task a counter was attached to was already using counter->ctx->task.
The __perf_counter_init_context function moves up in perf_counter.c
so that it can be called from find_get_context, and now initializes
the refcount, but is otherwise unchanged.
We were potentially calling list_del_counter twice: once from
__perf_counter_exit_task when the task exits and once from
__perf_counter_remove_from_context when the counter's fd gets closed.
This adds a check in list_del_counter so it doesn't do anything if
the counter has already been removed from the lists.
Since perf_counter_task_sched_in doesn't do anything if the task doesn't
have a context, and leaves cpuctx->task_ctx = NULL, this adds code to
__perf_install_in_context to set cpuctx->task_ctx if necessary, i.e. in
the case where the current task adds the first counter to itself and
thus creates a context for itself.
This also adds similar code to __perf_counter_enable to handle a
similar situation which can arise when the counters have been disabled
using prctl; that also leaves cpuctx->task_ctx = NULL.
[ Impact: refactor counter context management to prepare for new feature ]
Signed-off-by: Paul Mackerras <paulus@samba.org>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
LKML-Reference: <18966.10075.781053.231153@cargo.ozlabs.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-05-22 08:17:31 +04:00
WARN_ON_ONCE ( tsk - > perf_counter_ctxp ) ;
2008-12-19 12:20:42 +03:00
# endif
tracing, sched: LTTng instrumentation - scheduler
Instrument the scheduler activity (sched_switch, migration, wakeups,
wait for a task, signal delivery) and process/thread
creation/destruction (fork, exit, kthread stop). Actually, kthread
creation is not instrumented in this patch because it is architecture
dependent. It allows to connect tracers such as ftrace which detects
scheduling latencies, good/bad scheduler decisions. Tools like LTTng can
export this scheduler information along with instrumentation of the rest
of the kernel activity to perform post-mortem analysis on the scheduler
activity.
About the performance impact of tracepoints (which is comparable to
markers), even without immediate values optimizations, tests done by
Hideo Aoki on ia64 show no regression. His test case was using hackbench
on a kernel where scheduler instrumentation (about 5 events in code
scheduler code) was added. See the "Tracepoints" patch header for
performance result detail.
Changelog :
- Change instrumentation location and parameter to match ftrace
instrumentation, previously done with kernel markers.
[ mingo@elte.hu: conflict resolutions ]
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Acked-by: 'Peter Zijlstra' <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-18 20:16:17 +04:00
trace_sched_process_free ( tsk ) ;
put_task_struct ( tsk ) ;
2006-03-31 14:31:37 +04:00
}
2008-03-25 04:36:23 +03:00
2005-04-17 02:20:36 +04:00
void release_task ( struct task_struct * p )
{
2006-07-03 11:25:41 +04:00
struct task_struct * leader ;
2005-04-17 02:20:36 +04:00
int zap_leader ;
2006-03-29 04:11:11 +04:00
repeat :
2008-07-26 06:45:48 +04:00
tracehook_prepare_release_task ( p ) ;
2008-11-14 02:39:19 +03:00
/* don't need to get the RCU readlock here - the process is dead and
* can ' t be modifying its own credentials */
atomic_dec ( & __task_cred ( p ) - > user - > processes ) ;
2007-10-19 10:40:03 +04:00
proc_flush_task ( p ) ;
2009-05-17 13:24:08 +04:00
2005-04-17 02:20:36 +04:00
write_lock_irq ( & tasklist_lock ) ;
2008-07-26 06:45:48 +04:00
tracehook_finish_release_task ( p ) ;
2005-04-17 02:20:36 +04:00
__exit_signal ( p ) ;
2006-03-29 04:11:19 +04:00
2005-04-17 02:20:36 +04:00
/*
* If we are the last non - leader member of the thread
* group , and the leader is zombie , then notify the
* group leader ' s parent process . ( if it wants notification . )
*/
zap_leader = 0 ;
leader = p - > group_leader ;
if ( leader ! = p & & thread_group_empty ( leader ) & & leader - > exit_state = = EXIT_ZOMBIE ) {
2008-04-30 11:53:11 +04:00
BUG_ON ( task_detached ( leader ) ) ;
2005-04-17 02:20:36 +04:00
do_notify_parent ( leader , leader - > exit_signal ) ;
/*
* If we were the last child thread and the leader has
* exited already , and the leader ' s parent ignores SIGCHLD ,
* then we are the one who should release the leader .
*
* do_notify_parent ( ) will have marked it self - reaping in
* that case .
*/
2008-04-30 11:53:11 +04:00
zap_leader = task_detached ( leader ) ;
2008-07-26 06:45:48 +04:00
/*
* This maintains the invariant that release_task ( )
* only runs on a task in EXIT_DEAD , just for sanity .
*/
if ( zap_leader )
leader - > exit_state = EXIT_DEAD ;
2005-04-17 02:20:36 +04:00
}
write_unlock_irq ( & tasklist_lock ) ;
release_thread ( p ) ;
2006-03-31 14:31:37 +04:00
call_rcu ( & p - > rcu , delayed_put_task_struct ) ;
2005-04-17 02:20:36 +04:00
p = leader ;
if ( unlikely ( zap_leader ) )
goto repeat ;
}
/*
* This checks not only the pgrp , but falls back on the pid if no
* satisfactory pgrp is found . I dunno - gdb doesn ' t work correctly
* without this . . .
2007-02-12 11:52:56 +03:00
*
* The caller must hold rcu lock or the tasklist lock .
2005-04-17 02:20:36 +04:00
*/
2007-02-12 11:52:56 +03:00
struct pid * session_of_pgrp ( struct pid * pgrp )
2005-04-17 02:20:36 +04:00
{
struct task_struct * p ;
2007-02-12 11:52:56 +03:00
struct pid * sid = NULL ;
2006-12-08 13:38:03 +03:00
2007-02-12 11:52:56 +03:00
p = pid_task ( pgrp , PIDTYPE_PGID ) ;
2006-12-08 13:38:03 +03:00
if ( p = = NULL )
2007-02-12 11:52:56 +03:00
p = pid_task ( pgrp , PIDTYPE_PID ) ;
2006-12-08 13:38:03 +03:00
if ( p ! = NULL )
2007-02-12 11:52:56 +03:00
sid = task_session ( p ) ;
2006-12-08 13:38:03 +03:00
2005-04-17 02:20:36 +04:00
return sid ;
}
/*
* Determine if a process group is " orphaned " , according to the POSIX
* definition in 2.2 .2 .52 . Orphaned process groups are not to be affected
* by terminal - generated stop signals . Newly orphaned process groups are
* to receive a SIGHUP and a SIGCONT .
*
* " I ask you, have you ever known what it is to be an orphan? "
*/
2007-02-12 11:52:57 +03:00
static int will_become_orphaned_pgrp ( struct pid * pgrp , struct task_struct * ignored_task )
2005-04-17 02:20:36 +04:00
{
struct task_struct * p ;
2007-02-12 11:52:57 +03:00
do_each_pid_task ( pgrp , PIDTYPE_PGID , p ) {
2008-03-02 21:44:42 +03:00
if ( ( p = = ignored_task ) | |
( p - > exit_state & & thread_group_empty ( p ) ) | |
is_global_init ( p - > real_parent ) )
2005-04-17 02:20:36 +04:00
continue ;
2008-03-02 21:44:42 +03:00
2007-02-12 11:52:57 +03:00
if ( task_pgrp ( p - > real_parent ) ! = pgrp & &
2008-03-02 21:44:42 +03:00
task_session ( p - > real_parent ) = = task_session ( p ) )
return 0 ;
2007-02-12 11:52:57 +03:00
} while_each_pid_task ( pgrp , PIDTYPE_PGID , p ) ;
2008-03-02 21:44:42 +03:00
return 1 ;
2005-04-17 02:20:36 +04:00
}
2007-02-12 11:52:58 +03:00
int is_current_pgrp_orphaned ( void )
2005-04-17 02:20:36 +04:00
{
int retval ;
read_lock ( & tasklist_lock ) ;
2007-02-12 11:52:58 +03:00
retval = will_become_orphaned_pgrp ( task_pgrp ( current ) , NULL ) ;
2005-04-17 02:20:36 +04:00
read_unlock ( & tasklist_lock ) ;
return retval ;
}
2007-02-12 11:52:57 +03:00
static int has_stopped_jobs ( struct pid * pgrp )
2005-04-17 02:20:36 +04:00
{
int retval = 0 ;
struct task_struct * p ;
2007-02-12 11:52:57 +03:00
do_each_pid_task ( pgrp , PIDTYPE_PGID , p ) {
2007-12-06 19:09:35 +03:00
if ( ! task_is_stopped ( p ) )
2005-04-17 02:20:36 +04:00
continue ;
retval = 1 ;
break ;
2007-02-12 11:52:57 +03:00
} while_each_pid_task ( pgrp , PIDTYPE_PGID , p ) ;
2005-04-17 02:20:36 +04:00
return retval ;
}
2008-03-02 21:44:40 +03:00
/*
* Check to see if any process groups have become orphaned as
* a result of our exiting , and if they have any stopped jobs ,
* send them a SIGHUP and then a SIGCONT . ( POSIX 3.2 .2 .2 )
*/
static void
kill_orphaned_pgrp ( struct task_struct * tsk , struct task_struct * parent )
{
struct pid * pgrp = task_pgrp ( tsk ) ;
struct task_struct * ignored_task = tsk ;
if ( ! parent )
/* exit: our father is in a different pgrp than
* we are and we were the only connection outside .
*/
parent = tsk - > real_parent ;
else
/* reparent: our child is in a different pgrp than
* we are , and it was the only connection outside .
*/
ignored_task = NULL ;
if ( task_pgrp ( parent ) ! = pgrp & &
task_session ( parent ) = = task_session ( tsk ) & &
will_become_orphaned_pgrp ( pgrp , ignored_task ) & &
has_stopped_jobs ( pgrp ) ) {
__kill_pgrp_info ( SIGHUP , SEND_SIG_PRIV , pgrp ) ;
__kill_pgrp_info ( SIGCONT , SEND_SIG_PRIV , pgrp ) ;
}
}
2005-04-17 02:20:36 +04:00
/**
2007-05-09 13:34:33 +04:00
* reparent_to_kthreadd - Reparent the calling kernel thread to kthreadd
2005-04-17 02:20:36 +04:00
*
* If a kernel thread is launched as a result of a system call , or if
2007-05-09 13:34:33 +04:00
* it ever exits , it should generally reparent itself to kthreadd so it
* isn ' t in the way of other processes and is correctly cleaned up on exit .
2005-04-17 02:20:36 +04:00
*
* The various task state such as scheduling policy and priority may have
* been inherited from a user process , so we reset them to sane values here .
*
2007-05-09 13:34:33 +04:00
* NOTE that reparent_to_kthreadd ( ) gives the caller full capabilities .
2005-04-17 02:20:36 +04:00
*/
2007-05-09 13:34:33 +04:00
static void reparent_to_kthreadd ( void )
2005-04-17 02:20:36 +04:00
{
write_lock_irq ( & tasklist_lock ) ;
ptrace_unlink ( current ) ;
/* Reparent to init */
2007-05-09 13:34:33 +04:00
current - > real_parent = current - > parent = kthreadd_task ;
2008-03-25 04:36:23 +03:00
list_move_tail ( & current - > sibling , & current - > real_parent - > children ) ;
2005-04-17 02:20:36 +04:00
/* Set the exit signal to SIGCHLD so we signal init on exit */
current - > exit_signal = SIGCHLD ;
2007-07-09 20:51:59 +04:00
if ( task_nice ( current ) < 0 )
2005-04-17 02:20:36 +04:00
set_user_nice ( current , 0 ) ;
/* cpus_allowed? */
/* rt_priority? */
/* signals? */
memcpy ( current - > signal - > rlim , init_task . signal - > rlim ,
sizeof ( current - > signal - > rlim ) ) ;
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 02:39:23 +03:00
atomic_inc ( & init_cred . usage ) ;
commit_creds ( & init_cred ) ;
2005-04-17 02:20:36 +04:00
write_unlock_irq ( & tasklist_lock ) ;
}
2008-02-08 15:19:09 +03:00
void __set_special_pids ( struct pid * pid )
2005-04-17 02:20:36 +04:00
{
2006-01-08 12:03:58 +03:00
struct task_struct * curr = current - > group_leader ;
2005-04-17 02:20:36 +04:00
2009-04-03 03:58:39 +04:00
if ( task_session ( curr ) ! = pid )
2008-04-30 11:54:27 +04:00
change_pid ( curr , PIDTYPE_SID , pid ) ;
2009-04-03 03:58:39 +04:00
if ( task_pgrp ( curr ) ! = pid )
2008-04-30 11:54:27 +04:00
change_pid ( curr , PIDTYPE_PGID , pid ) ;
2005-04-17 02:20:36 +04:00
}
2008-02-08 15:19:09 +03:00
static void set_special_pids ( struct pid * pid )
2005-04-17 02:20:36 +04:00
{
write_lock_irq ( & tasklist_lock ) ;
2008-02-08 15:19:09 +03:00
__set_special_pids ( pid ) ;
2005-04-17 02:20:36 +04:00
write_unlock_irq ( & tasklist_lock ) ;
}
/*
* Let kernel threads use this to say that they
* allow a certain signal ( since daemonize ( ) will
* have disabled all of them by default ) .
*/
int allow_signal ( int sig )
{
2005-05-01 19:59:14 +04:00
if ( ! valid_signal ( sig ) | | sig < 1 )
2005-04-17 02:20:36 +04:00
return - EINVAL ;
spin_lock_irq ( & current - > sighand - > siglock ) ;
sigdelset ( & current - > blocked , sig ) ;
if ( ! current - > mm ) {
/* Kernel threads handle their own signals.
Let the signal code know it ' ll be handled , so
that they don ' t get converted to SIGKILL or
just silently dropped */
current - > sighand - > action [ ( sig ) - 1 ] . sa . sa_handler = ( void __user * ) 2 ;
}
recalc_sigpending ( ) ;
spin_unlock_irq ( & current - > sighand - > siglock ) ;
return 0 ;
}
EXPORT_SYMBOL ( allow_signal ) ;
int disallow_signal ( int sig )
{
2005-05-01 19:59:14 +04:00
if ( ! valid_signal ( sig ) | | sig < 1 )
2005-04-17 02:20:36 +04:00
return - EINVAL ;
spin_lock_irq ( & current - > sighand - > siglock ) ;
2007-05-09 13:34:37 +04:00
current - > sighand - > action [ ( sig ) - 1 ] . sa . sa_handler = SIG_IGN ;
2005-04-17 02:20:36 +04:00
recalc_sigpending ( ) ;
spin_unlock_irq ( & current - > sighand - > siglock ) ;
return 0 ;
}
EXPORT_SYMBOL ( disallow_signal ) ;
/*
* Put all the gunge required to become a kernel thread without
* attached user resources in one place where it belongs .
*/
void daemonize ( const char * name , . . . )
{
va_list args ;
sigset_t blocked ;
va_start ( args , name ) ;
vsnprintf ( current - > comm , sizeof ( current - > comm ) , name , args ) ;
va_end ( args ) ;
/*
* If we were started as result of loading a module , close all of the
* user space pages . We don ' t need them , and if we didn ' t close them
* they would be locked into memory .
*/
exit_mm ( current ) ;
2007-07-17 15:03:35 +04:00
/*
* We don ' t want to have TIF_FREEZE set if the system - wide hibernation
* or suspend transition begins right now .
*/
2008-07-25 12:47:37 +04:00
current - > flags | = ( PF_NOFREEZE | PF_KTHREAD ) ;
2005-04-17 02:20:36 +04:00
2008-02-08 15:19:09 +03:00
if ( current - > nsproxy ! = & init_nsproxy ) {
get_nsproxy ( & init_nsproxy ) ;
switch_task_namespaces ( current , & init_nsproxy ) ;
}
2008-02-08 15:19:10 +03:00
set_special_pids ( & init_struct_pid ) ;
2006-12-08 13:36:04 +03:00
proc_clear_tty ( current ) ;
2005-04-17 02:20:36 +04:00
/* Block and flush all signals */
sigfillset ( & blocked ) ;
sigprocmask ( SIG_BLOCK , & blocked , NULL ) ;
flush_signals ( current ) ;
/* Become as one with the init task */
2009-03-30 03:00:13 +04:00
daemonize_fs_struct ( ) ;
2007-10-19 10:39:59 +04:00
exit_files ( current ) ;
2005-04-17 02:20:36 +04:00
current - > files = init_task . files ;
atomic_inc ( & current - > files - > count ) ;
2007-05-09 13:34:33 +04:00
reparent_to_kthreadd ( ) ;
2005-04-17 02:20:36 +04:00
}
EXPORT_SYMBOL ( daemonize ) ;
2006-01-15 00:20:43 +03:00
static void close_files ( struct files_struct * files )
2005-04-17 02:20:36 +04:00
{
int i , j ;
2005-09-10 00:04:10 +04:00
struct fdtable * fdt ;
2005-04-17 02:20:36 +04:00
j = 0 ;
2005-09-17 06:28:13 +04:00
/*
* It is safe to dereference the fd table without RCU or
* - > file_lock because this is the last reference to the
* files structure .
*/
2005-09-10 00:04:10 +04:00
fdt = files_fdtable ( files ) ;
2005-04-17 02:20:36 +04:00
for ( ; ; ) {
unsigned long set ;
i = j * __NFDBITS ;
2006-12-10 13:21:12 +03:00
if ( i > = fdt - > max_fds )
2005-04-17 02:20:36 +04:00
break ;
2005-09-10 00:04:10 +04:00
set = fdt - > open_fds - > fds_bits [ j + + ] ;
2005-04-17 02:20:36 +04:00
while ( set ) {
if ( set & 1 ) {
2005-09-10 00:04:10 +04:00
struct file * file = xchg ( & fdt - > fd [ i ] , NULL ) ;
2007-02-12 11:52:26 +03:00
if ( file ) {
2005-04-17 02:20:36 +04:00
filp_close ( file , files ) ;
2007-02-12 11:52:26 +03:00
cond_resched ( ) ;
}
2005-04-17 02:20:36 +04:00
}
i + + ;
set > > = 1 ;
}
}
}
struct files_struct * get_files_struct ( struct task_struct * task )
{
struct files_struct * files ;
task_lock ( task ) ;
files = task - > files ;
if ( files )
atomic_inc ( & files - > count ) ;
task_unlock ( task ) ;
return files ;
}
2008-02-08 15:19:53 +03:00
void put_files_struct ( struct files_struct * files )
2005-04-17 02:20:36 +04:00
{
2005-09-10 00:04:10 +04:00
struct fdtable * fdt ;
2005-04-17 02:20:36 +04:00
if ( atomic_dec_and_test ( & files - > count ) ) {
close_files ( files ) ;
/*
* Free the fd and fdset arrays if we expanded them .
2005-09-10 00:04:13 +04:00
* If the fdtable was embedded , pass files for freeing
* at the end of the RCU grace period . Otherwise ,
* you can free files immediately .
2005-04-17 02:20:36 +04:00
*/
2005-09-10 00:04:10 +04:00
fdt = files_fdtable ( files ) ;
2006-12-10 13:21:17 +03:00
if ( fdt ! = & files - > fdtab )
2005-09-10 00:04:13 +04:00
kmem_cache_free ( files_cachep , files ) ;
2006-12-22 12:10:43 +03:00
free_fdtable ( fdt ) ;
2005-04-17 02:20:36 +04:00
}
}
2008-04-22 13:31:30 +04:00
void reset_files_struct ( struct files_struct * files )
2006-09-29 13:00:05 +04:00
{
2008-04-22 13:31:30 +04:00
struct task_struct * tsk = current ;
2006-09-29 13:00:05 +04:00
struct files_struct * old ;
old = tsk - > files ;
task_lock ( tsk ) ;
tsk - > files = files ;
task_unlock ( tsk ) ;
put_files_struct ( old ) ;
}
2008-04-22 13:35:42 +04:00
void exit_files ( struct task_struct * tsk )
2005-04-17 02:20:36 +04:00
{
struct files_struct * files = tsk - > files ;
if ( files ) {
task_lock ( tsk ) ;
tsk - > files = NULL ;
task_unlock ( tsk ) ;
put_files_struct ( files ) ;
}
}
cgroups: add an owner to the mm_struct
Remove the mem_cgroup member from mm_struct and instead adds an owner.
This approach was suggested by Paul Menage. The advantage of this approach
is that, once the mm->owner is known, using the subsystem id, the cgroup
can be determined. It also allows several control groups that are
virtually grouped by mm_struct, to exist independent of the memory
controller i.e., without adding mem_cgroup's for each controller, to
mm_struct.
A new config option CONFIG_MM_OWNER is added and the memory resource
controller selects this config option.
This patch also adds cgroup callbacks to notify subsystems when mm->owner
changes. The mm_cgroup_changed callback is called with the task_lock() of
the new task held and is called just prior to changing the mm->owner.
I am indebted to Paul Menage for the several reviews of this patchset and
helping me make it lighter and simpler.
This patch was tested on a powerpc box, it was compiled with both the
MM_OWNER config turned on and off.
After the thread group leader exits, it's moved to init_css_state by
cgroup_exit(), thus all future charges from runnings threads would be
redirected to the init_css_set's subsystem.
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Cc: Pavel Emelianov <xemul@openvz.org>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Sudhir Kumar <skumar@linux.vnet.ibm.com>
Cc: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Cc: Hirokazu Takahashi <taka@valinux.co.jp>
Cc: David Rientjes <rientjes@google.com>,
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Reviewed-by: Paul Menage <menage@google.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 12:00:16 +04:00
# ifdef CONFIG_MM_OWNER
/*
* Task p is exiting and it owned mm , lets find a new owner for it
*/
static inline int
mm_need_new_owner ( struct mm_struct * mm , struct task_struct * p )
{
/*
* If there are other users of the mm and the owner ( us ) is exiting
* we need to find a new owner to take on the responsibility .
*/
if ( atomic_read ( & mm - > mm_users ) < = 1 )
return 0 ;
if ( mm - > owner ! = p )
return 0 ;
return 1 ;
}
void mm_update_next_owner ( struct mm_struct * mm )
{
struct task_struct * c , * g , * p = current ;
retry :
if ( ! mm_need_new_owner ( mm , p ) )
return ;
read_lock ( & tasklist_lock ) ;
/*
* Search in the children
*/
list_for_each_entry ( c , & p - > children , sibling ) {
if ( c - > mm = = mm )
goto assign_new_owner ;
}
/*
* Search in the siblings
*/
list_for_each_entry ( c , & p - > parent - > children , sibling ) {
if ( c - > mm = = mm )
goto assign_new_owner ;
}
/*
* Search through everything else . We should not get
* here often
*/
do_each_thread ( g , c ) {
if ( c - > mm = = mm )
goto assign_new_owner ;
} while_each_thread ( g , c ) ;
read_unlock ( & tasklist_lock ) ;
mm owner: fix race between swapoff and exit
There's a race between mm->owner assignment and swapoff, more easily
seen when task slab poisoning is turned on. The condition occurs when
try_to_unuse() runs in parallel with an exiting task. A similar race
can occur with callers of get_task_mm(), such as /proc/<pid>/<mmstats>
or ptrace or page migration.
CPU0 CPU1
try_to_unuse
looks at mm = task0->mm
increments mm->mm_users
task 0 exits
mm->owner needs to be updated, but no
new owner is found (mm_users > 1, but
no other task has task->mm = task0->mm)
mm_update_next_owner() leaves
mmput(mm) decrements mm->mm_users
task0 freed
dereferencing mm->owner fails
The fix is to notify the subsystem via mm_owner_changed callback(),
if no new owner is found, by specifying the new task as NULL.
Jiri Slaby:
mm->owner was set to NULL prior to calling cgroup_mm_owner_callbacks(), but
must be set after that, so as not to pass NULL as old owner causing oops.
Daisuke Nishimura:
mm_update_next_owner() may set mm->owner to NULL, but mem_cgroup_from_task()
and its callers need to take account of this situation to avoid oops.
Hugh Dickins:
Lockdep warning and hang below exec_mmap() when testing these patches.
exit_mm() up_reads mmap_sem before calling mm_update_next_owner(),
so exec_mmap() now needs to do the same. And with that repositioning,
there's now no point in mm_need_new_owner() allowing for NULL mm.
Reported-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-29 02:09:31 +04:00
/*
* We found no owner yet mm_users > 1 : this implies that we are
* most likely racing with swapoff ( try_to_unuse ( ) ) or / proc or
2009-01-07 01:39:22 +03:00
* ptrace or page migration ( get_task_mm ( ) ) . Mark owner as NULL .
mm owner: fix race between swapoff and exit
There's a race between mm->owner assignment and swapoff, more easily
seen when task slab poisoning is turned on. The condition occurs when
try_to_unuse() runs in parallel with an exiting task. A similar race
can occur with callers of get_task_mm(), such as /proc/<pid>/<mmstats>
or ptrace or page migration.
CPU0 CPU1
try_to_unuse
looks at mm = task0->mm
increments mm->mm_users
task 0 exits
mm->owner needs to be updated, but no
new owner is found (mm_users > 1, but
no other task has task->mm = task0->mm)
mm_update_next_owner() leaves
mmput(mm) decrements mm->mm_users
task0 freed
dereferencing mm->owner fails
The fix is to notify the subsystem via mm_owner_changed callback(),
if no new owner is found, by specifying the new task as NULL.
Jiri Slaby:
mm->owner was set to NULL prior to calling cgroup_mm_owner_callbacks(), but
must be set after that, so as not to pass NULL as old owner causing oops.
Daisuke Nishimura:
mm_update_next_owner() may set mm->owner to NULL, but mem_cgroup_from_task()
and its callers need to take account of this situation to avoid oops.
Hugh Dickins:
Lockdep warning and hang below exec_mmap() when testing these patches.
exit_mm() up_reads mmap_sem before calling mm_update_next_owner(),
so exec_mmap() now needs to do the same. And with that repositioning,
there's now no point in mm_need_new_owner() allowing for NULL mm.
Reported-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-29 02:09:31 +04:00
*/
mm - > owner = NULL ;
cgroups: add an owner to the mm_struct
Remove the mem_cgroup member from mm_struct and instead adds an owner.
This approach was suggested by Paul Menage. The advantage of this approach
is that, once the mm->owner is known, using the subsystem id, the cgroup
can be determined. It also allows several control groups that are
virtually grouped by mm_struct, to exist independent of the memory
controller i.e., without adding mem_cgroup's for each controller, to
mm_struct.
A new config option CONFIG_MM_OWNER is added and the memory resource
controller selects this config option.
This patch also adds cgroup callbacks to notify subsystems when mm->owner
changes. The mm_cgroup_changed callback is called with the task_lock() of
the new task held and is called just prior to changing the mm->owner.
I am indebted to Paul Menage for the several reviews of this patchset and
helping me make it lighter and simpler.
This patch was tested on a powerpc box, it was compiled with both the
MM_OWNER config turned on and off.
After the thread group leader exits, it's moved to init_css_state by
cgroup_exit(), thus all future charges from runnings threads would be
redirected to the init_css_set's subsystem.
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Cc: Pavel Emelianov <xemul@openvz.org>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Sudhir Kumar <skumar@linux.vnet.ibm.com>
Cc: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Cc: Hirokazu Takahashi <taka@valinux.co.jp>
Cc: David Rientjes <rientjes@google.com>,
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Reviewed-by: Paul Menage <menage@google.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 12:00:16 +04:00
return ;
assign_new_owner :
BUG_ON ( c = = p ) ;
get_task_struct ( c ) ;
/*
* The task_lock protects c - > mm from changing .
* We always want mm - > owner - > mm = = mm
*/
task_lock ( c ) ;
2009-01-07 01:39:22 +03:00
/*
* Delay read_unlock ( ) till we have the task_lock ( )
* to ensure that c does not slip away underneath us
*/
read_unlock ( & tasklist_lock ) ;
cgroups: add an owner to the mm_struct
Remove the mem_cgroup member from mm_struct and instead adds an owner.
This approach was suggested by Paul Menage. The advantage of this approach
is that, once the mm->owner is known, using the subsystem id, the cgroup
can be determined. It also allows several control groups that are
virtually grouped by mm_struct, to exist independent of the memory
controller i.e., without adding mem_cgroup's for each controller, to
mm_struct.
A new config option CONFIG_MM_OWNER is added and the memory resource
controller selects this config option.
This patch also adds cgroup callbacks to notify subsystems when mm->owner
changes. The mm_cgroup_changed callback is called with the task_lock() of
the new task held and is called just prior to changing the mm->owner.
I am indebted to Paul Menage for the several reviews of this patchset and
helping me make it lighter and simpler.
This patch was tested on a powerpc box, it was compiled with both the
MM_OWNER config turned on and off.
After the thread group leader exits, it's moved to init_css_state by
cgroup_exit(), thus all future charges from runnings threads would be
redirected to the init_css_set's subsystem.
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Cc: Pavel Emelianov <xemul@openvz.org>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Sudhir Kumar <skumar@linux.vnet.ibm.com>
Cc: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Cc: Hirokazu Takahashi <taka@valinux.co.jp>
Cc: David Rientjes <rientjes@google.com>,
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Reviewed-by: Paul Menage <menage@google.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 12:00:16 +04:00
if ( c - > mm ! = mm ) {
task_unlock ( c ) ;
put_task_struct ( c ) ;
goto retry ;
}
mm - > owner = c ;
task_unlock ( c ) ;
put_task_struct ( c ) ;
}
# endif /* CONFIG_MM_OWNER */
2005-04-17 02:20:36 +04:00
/*
* Turn us into a lazy TLB process if we
* aren ' t already . .
*/
2005-05-01 19:59:29 +04:00
static void exit_mm ( struct task_struct * tsk )
2005-04-17 02:20:36 +04:00
{
struct mm_struct * mm = tsk - > mm ;
2008-07-25 12:47:44 +04:00
struct core_state * core_state ;
2005-04-17 02:20:36 +04:00
mm_release ( tsk , mm ) ;
if ( ! mm )
return ;
/*
* Serialize with any possible pending coredump .
2008-07-25 12:47:41 +04:00
* We must hold mmap_sem around checking core_state
2005-04-17 02:20:36 +04:00
* and clearing tsk - > mm . The core - inducing thread
2008-07-25 12:47:41 +04:00
* will increment - > nr_threads for each thread in the
2005-04-17 02:20:36 +04:00
* group with - > mm ! = NULL .
*/
down_read ( & mm - > mmap_sem ) ;
2008-07-25 12:47:44 +04:00
core_state = mm - > core_state ;
if ( core_state ) {
struct core_thread self ;
2005-04-17 02:20:36 +04:00
up_read ( & mm - > mmap_sem ) ;
2008-07-25 12:47:42 +04:00
2008-07-25 12:47:44 +04:00
self . task = tsk ;
self . next = xchg ( & core_state - > dumper . next , & self ) ;
/*
* Implies mb ( ) , the result of xchg ( ) must be visible
* to core_state - > dumper .
*/
if ( atomic_dec_and_test ( & core_state - > nr_threads ) )
complete ( & core_state - > startup ) ;
2005-04-17 02:20:36 +04:00
2008-07-25 12:47:46 +04:00
for ( ; ; ) {
set_task_state ( tsk , TASK_UNINTERRUPTIBLE ) ;
if ( ! self . task ) /* see coredump_finish() */
break ;
schedule ( ) ;
}
__set_task_state ( tsk , TASK_RUNNING ) ;
2005-04-17 02:20:36 +04:00
down_read ( & mm - > mmap_sem ) ;
}
atomic_inc ( & mm - > mm_count ) ;
2006-06-23 13:06:06 +04:00
BUG_ON ( mm ! = tsk - > active_mm ) ;
2005-04-17 02:20:36 +04:00
/* more a memory barrier than a real lock */
task_lock ( tsk ) ;
tsk - > mm = NULL ;
up_read ( & mm - > mmap_sem ) ;
enter_lazy_tlb ( mm , current ) ;
2007-07-19 12:47:33 +04:00
/* We don't want this task to be frozen prematurely */
clear_freeze_flag ( tsk ) ;
2005-04-17 02:20:36 +04:00
task_unlock ( tsk ) ;
cgroups: add an owner to the mm_struct
Remove the mem_cgroup member from mm_struct and instead adds an owner.
This approach was suggested by Paul Menage. The advantage of this approach
is that, once the mm->owner is known, using the subsystem id, the cgroup
can be determined. It also allows several control groups that are
virtually grouped by mm_struct, to exist independent of the memory
controller i.e., without adding mem_cgroup's for each controller, to
mm_struct.
A new config option CONFIG_MM_OWNER is added and the memory resource
controller selects this config option.
This patch also adds cgroup callbacks to notify subsystems when mm->owner
changes. The mm_cgroup_changed callback is called with the task_lock() of
the new task held and is called just prior to changing the mm->owner.
I am indebted to Paul Menage for the several reviews of this patchset and
helping me make it lighter and simpler.
This patch was tested on a powerpc box, it was compiled with both the
MM_OWNER config turned on and off.
After the thread group leader exits, it's moved to init_css_state by
cgroup_exit(), thus all future charges from runnings threads would be
redirected to the init_css_set's subsystem.
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Cc: Pavel Emelianov <xemul@openvz.org>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Sudhir Kumar <skumar@linux.vnet.ibm.com>
Cc: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Cc: Hirokazu Takahashi <taka@valinux.co.jp>
Cc: David Rientjes <rientjes@google.com>,
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Reviewed-by: Paul Menage <menage@google.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 12:00:16 +04:00
mm_update_next_owner ( mm ) ;
2005-04-17 02:20:36 +04:00
mmput ( mm ) ;
}
/*
* When we die , we re - parent all our children .
* Try to give them to another thread in our thread
* group , and if no such member exists , give it to
2006-12-08 13:38:01 +03:00
* the child reaper process ( ie " init " ) in our pid
* space .
2005-04-17 02:20:36 +04:00
*/
2008-09-03 01:35:49 +04:00
static struct task_struct * find_new_reaper ( struct task_struct * father )
{
struct pid_namespace * pid_ns = task_active_pid_ns ( father ) ;
struct task_struct * thread ;
thread = father ;
while_each_thread ( father , thread ) {
if ( thread - > flags & PF_EXITING )
continue ;
if ( unlikely ( pid_ns - > child_reaper = = father ) )
pid_ns - > child_reaper = thread ;
return thread ;
}
if ( unlikely ( pid_ns - > child_reaper = = father ) ) {
write_unlock_irq ( & tasklist_lock ) ;
if ( unlikely ( pid_ns = = & init_pid_ns ) )
panic ( " Attempted to kill init! " ) ;
zap_pid_ns_processes ( pid_ns ) ;
write_lock_irq ( & tasklist_lock ) ;
/*
* We can not clear - > child_reaper or leave it alone .
* There may by stealth EXIT_DEAD tasks on - > children ,
* forget_original_parent ( ) must move them somewhere .
*/
pid_ns - > child_reaper = init_pid_ns . child_reaper ;
}
return pid_ns - > child_reaper ;
}
2009-04-03 03:58:19 +04:00
/*
* Any that need to be release_task ' d are put on the @ dead list .
*/
static void reparent_thread ( struct task_struct * father , struct task_struct * p ,
struct list_head * dead )
{
if ( p - > pdeath_signal )
group_send_sig_info ( p - > pdeath_signal , SEND_SIG_NOINFO , p ) ;
list_move_tail ( & p - > sibling , & p - > real_parent - > children ) ;
if ( task_detached ( p ) )
return ;
/*
* If this is a threaded reparent there is no need to
* notify anyone anything has happened .
*/
if ( same_thread_group ( p - > real_parent , father ) )
return ;
/* We don't want people slaying init. */
p - > exit_signal = SIGCHLD ;
/* If it has exited notify the new parent about this child's death. */
if ( ! p - > ptrace & &
p - > exit_state = = EXIT_ZOMBIE & & thread_group_empty ( p ) ) {
do_notify_parent ( p , p - > exit_signal ) ;
if ( task_detached ( p ) ) {
p - > exit_state = EXIT_DEAD ;
list_move_tail ( & p - > sibling , dead ) ;
}
}
kill_orphaned_pgrp ( p , father ) ;
}
pid namespaces: rework forget_original_parent()
A pid namespace is a "view" of a particular set of tasks on the system. They
work in a similar way to filesystem namespaces. A file (or a process) can be
accessed in multiple namespaces, but it may have a different name in each. In
a filesystem, this name might be /etc/passwd in one namespace, but
/chroot/etc/passwd in another.
For processes, a process may have pid 1234 in one namespace, but be pid 1 in
another. This allows new pid namespaces to have basically arbitrary pids, and
not have to worry about what pids exist in other namespaces. This is
essential for checkpoint/restart where a restarted process's pid might collide
with an existing process on the system's pid.
In this particular implementation, pid namespaces have a parent-child
relationship, just like processes. A process in a pid namespace may see all
of the processes in the same namespace, as well as all of the processes in all
of the namespaces which are children of its namespace. Processes may not,
however, see others which are in their parent's namespace, but not in their
own. The same goes for sibling namespaces.
The know issue to be solved in the nearest future is signal handling in the
namespace boundary. That is, currently the namespace's init is treated like
an ordinary task that can be killed from within an namespace. Ideally, the
signal handling by the namespace's init should have two sides: when signaling
the init from its namespace, the init should look like a real init task, i.e.
receive only those signals, that is explicitly wants to; when signaling the
init from one of the parent namespaces, init should look like an ordinary
task, i.e. receive any signal, only taking the general permissions into
account.
The pid namespace was developed by Pavel Emlyanov and Sukadev Bhattiprolu and
we eventually came to almost the same implementation, which differed in some
details. This set is based on Pavel's patches, but it includes comments and
patches that from Sukadev.
Many thanks to Oleg, who reviewed the patches, pointed out many BUGs and made
valuable advises on how to make this set cleaner.
This patch:
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will reparent
theirs for it. Why this is needed is explained in appropriate patch. This
one only reworks the forget_original_parent() so that after calling this a
task cannot be/become parent of any other task.
We check PF_EXITING instead of ->exit_state while choosing the new parent.
Note that tasklits_lock acts as a barrier, everyone who takes tasklist after
us (when forget_original_parent() drops it) must see PF_EXITING.
The other changes are just cleanups. They just move some code from
exit_notify to forget_original_parent(). It is a bit silly to declare
ptrace_dead in exit_notify(), take tasklist, pass ptrace_dead to
forget_original_parent(), unlock-lock-unlock tasklist, and then use
ptrace_dead.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-19 10:40:00 +04:00
static void forget_original_parent ( struct task_struct * father )
2005-04-17 02:20:36 +04:00
{
2008-09-03 01:35:49 +04:00
struct task_struct * p , * n , * reaper ;
2009-04-03 03:58:19 +04:00
LIST_HEAD ( dead_children ) ;
pid namespaces: rework forget_original_parent()
A pid namespace is a "view" of a particular set of tasks on the system. They
work in a similar way to filesystem namespaces. A file (or a process) can be
accessed in multiple namespaces, but it may have a different name in each. In
a filesystem, this name might be /etc/passwd in one namespace, but
/chroot/etc/passwd in another.
For processes, a process may have pid 1234 in one namespace, but be pid 1 in
another. This allows new pid namespaces to have basically arbitrary pids, and
not have to worry about what pids exist in other namespaces. This is
essential for checkpoint/restart where a restarted process's pid might collide
with an existing process on the system's pid.
In this particular implementation, pid namespaces have a parent-child
relationship, just like processes. A process in a pid namespace may see all
of the processes in the same namespace, as well as all of the processes in all
of the namespaces which are children of its namespace. Processes may not,
however, see others which are in their parent's namespace, but not in their
own. The same goes for sibling namespaces.
The know issue to be solved in the nearest future is signal handling in the
namespace boundary. That is, currently the namespace's init is treated like
an ordinary task that can be killed from within an namespace. Ideally, the
signal handling by the namespace's init should have two sides: when signaling
the init from its namespace, the init should look like a real init task, i.e.
receive only those signals, that is explicitly wants to; when signaling the
init from one of the parent namespaces, init should look like an ordinary
task, i.e. receive any signal, only taking the general permissions into
account.
The pid namespace was developed by Pavel Emlyanov and Sukadev Bhattiprolu and
we eventually came to almost the same implementation, which differed in some
details. This set is based on Pavel's patches, but it includes comments and
patches that from Sukadev.
Many thanks to Oleg, who reviewed the patches, pointed out many BUGs and made
valuable advises on how to make this set cleaner.
This patch:
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will reparent
theirs for it. Why this is needed is explained in appropriate patch. This
one only reworks the forget_original_parent() so that after calling this a
task cannot be/become parent of any other task.
We check PF_EXITING instead of ->exit_state while choosing the new parent.
Note that tasklits_lock acts as a barrier, everyone who takes tasklist after
us (when forget_original_parent() drops it) must see PF_EXITING.
The other changes are just cleanups. They just move some code from
exit_notify to forget_original_parent(). It is a bit silly to declare
ptrace_dead in exit_notify(), take tasklist, pass ptrace_dead to
forget_original_parent(), unlock-lock-unlock tasklist, and then use
ptrace_dead.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-19 10:40:00 +04:00
2009-04-03 03:58:18 +04:00
exit_ptrace ( father ) ;
pid namespaces: rework forget_original_parent()
A pid namespace is a "view" of a particular set of tasks on the system. They
work in a similar way to filesystem namespaces. A file (or a process) can be
accessed in multiple namespaces, but it may have a different name in each. In
a filesystem, this name might be /etc/passwd in one namespace, but
/chroot/etc/passwd in another.
For processes, a process may have pid 1234 in one namespace, but be pid 1 in
another. This allows new pid namespaces to have basically arbitrary pids, and
not have to worry about what pids exist in other namespaces. This is
essential for checkpoint/restart where a restarted process's pid might collide
with an existing process on the system's pid.
In this particular implementation, pid namespaces have a parent-child
relationship, just like processes. A process in a pid namespace may see all
of the processes in the same namespace, as well as all of the processes in all
of the namespaces which are children of its namespace. Processes may not,
however, see others which are in their parent's namespace, but not in their
own. The same goes for sibling namespaces.
The know issue to be solved in the nearest future is signal handling in the
namespace boundary. That is, currently the namespace's init is treated like
an ordinary task that can be killed from within an namespace. Ideally, the
signal handling by the namespace's init should have two sides: when signaling
the init from its namespace, the init should look like a real init task, i.e.
receive only those signals, that is explicitly wants to; when signaling the
init from one of the parent namespaces, init should look like an ordinary
task, i.e. receive any signal, only taking the general permissions into
account.
The pid namespace was developed by Pavel Emlyanov and Sukadev Bhattiprolu and
we eventually came to almost the same implementation, which differed in some
details. This set is based on Pavel's patches, but it includes comments and
patches that from Sukadev.
Many thanks to Oleg, who reviewed the patches, pointed out many BUGs and made
valuable advises on how to make this set cleaner.
This patch:
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will reparent
theirs for it. Why this is needed is explained in appropriate patch. This
one only reworks the forget_original_parent() so that after calling this a
task cannot be/become parent of any other task.
We check PF_EXITING instead of ->exit_state while choosing the new parent.
Note that tasklits_lock acts as a barrier, everyone who takes tasklist after
us (when forget_original_parent() drops it) must see PF_EXITING.
The other changes are just cleanups. They just move some code from
exit_notify to forget_original_parent(). It is a bit silly to declare
ptrace_dead in exit_notify(), take tasklist, pass ptrace_dead to
forget_original_parent(), unlock-lock-unlock tasklist, and then use
ptrace_dead.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-19 10:40:00 +04:00
write_lock_irq ( & tasklist_lock ) ;
2008-09-03 01:35:49 +04:00
reaper = find_new_reaper ( father ) ;
2008-03-25 04:36:23 +03:00
2007-10-19 10:39:57 +04:00
list_for_each_entry_safe ( p , n , & father - > children , sibling ) {
2007-10-17 10:26:49 +04:00
p - > real_parent = reaper ;
2008-03-25 04:36:23 +03:00
if ( p - > parent = = father ) {
BUG_ON ( p - > ptrace ) ;
p - > parent = p - > real_parent ;
}
2009-04-03 03:58:19 +04:00
reparent_thread ( father , p , & dead_children ) ;
2005-04-17 02:20:36 +04:00
}
pid namespaces: rework forget_original_parent()
A pid namespace is a "view" of a particular set of tasks on the system. They
work in a similar way to filesystem namespaces. A file (or a process) can be
accessed in multiple namespaces, but it may have a different name in each. In
a filesystem, this name might be /etc/passwd in one namespace, but
/chroot/etc/passwd in another.
For processes, a process may have pid 1234 in one namespace, but be pid 1 in
another. This allows new pid namespaces to have basically arbitrary pids, and
not have to worry about what pids exist in other namespaces. This is
essential for checkpoint/restart where a restarted process's pid might collide
with an existing process on the system's pid.
In this particular implementation, pid namespaces have a parent-child
relationship, just like processes. A process in a pid namespace may see all
of the processes in the same namespace, as well as all of the processes in all
of the namespaces which are children of its namespace. Processes may not,
however, see others which are in their parent's namespace, but not in their
own. The same goes for sibling namespaces.
The know issue to be solved in the nearest future is signal handling in the
namespace boundary. That is, currently the namespace's init is treated like
an ordinary task that can be killed from within an namespace. Ideally, the
signal handling by the namespace's init should have two sides: when signaling
the init from its namespace, the init should look like a real init task, i.e.
receive only those signals, that is explicitly wants to; when signaling the
init from one of the parent namespaces, init should look like an ordinary
task, i.e. receive any signal, only taking the general permissions into
account.
The pid namespace was developed by Pavel Emlyanov and Sukadev Bhattiprolu and
we eventually came to almost the same implementation, which differed in some
details. This set is based on Pavel's patches, but it includes comments and
patches that from Sukadev.
Many thanks to Oleg, who reviewed the patches, pointed out many BUGs and made
valuable advises on how to make this set cleaner.
This patch:
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will reparent
theirs for it. Why this is needed is explained in appropriate patch. This
one only reworks the forget_original_parent() so that after calling this a
task cannot be/become parent of any other task.
We check PF_EXITING instead of ->exit_state while choosing the new parent.
Note that tasklits_lock acts as a barrier, everyone who takes tasklist after
us (when forget_original_parent() drops it) must see PF_EXITING.
The other changes are just cleanups. They just move some code from
exit_notify to forget_original_parent(). It is a bit silly to declare
ptrace_dead in exit_notify(), take tasklist, pass ptrace_dead to
forget_original_parent(), unlock-lock-unlock tasklist, and then use
ptrace_dead.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-19 10:40:00 +04:00
write_unlock_irq ( & tasklist_lock ) ;
2009-04-03 03:58:19 +04:00
pid namespaces: rework forget_original_parent()
A pid namespace is a "view" of a particular set of tasks on the system. They
work in a similar way to filesystem namespaces. A file (or a process) can be
accessed in multiple namespaces, but it may have a different name in each. In
a filesystem, this name might be /etc/passwd in one namespace, but
/chroot/etc/passwd in another.
For processes, a process may have pid 1234 in one namespace, but be pid 1 in
another. This allows new pid namespaces to have basically arbitrary pids, and
not have to worry about what pids exist in other namespaces. This is
essential for checkpoint/restart where a restarted process's pid might collide
with an existing process on the system's pid.
In this particular implementation, pid namespaces have a parent-child
relationship, just like processes. A process in a pid namespace may see all
of the processes in the same namespace, as well as all of the processes in all
of the namespaces which are children of its namespace. Processes may not,
however, see others which are in their parent's namespace, but not in their
own. The same goes for sibling namespaces.
The know issue to be solved in the nearest future is signal handling in the
namespace boundary. That is, currently the namespace's init is treated like
an ordinary task that can be killed from within an namespace. Ideally, the
signal handling by the namespace's init should have two sides: when signaling
the init from its namespace, the init should look like a real init task, i.e.
receive only those signals, that is explicitly wants to; when signaling the
init from one of the parent namespaces, init should look like an ordinary
task, i.e. receive any signal, only taking the general permissions into
account.
The pid namespace was developed by Pavel Emlyanov and Sukadev Bhattiprolu and
we eventually came to almost the same implementation, which differed in some
details. This set is based on Pavel's patches, but it includes comments and
patches that from Sukadev.
Many thanks to Oleg, who reviewed the patches, pointed out many BUGs and made
valuable advises on how to make this set cleaner.
This patch:
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will reparent
theirs for it. Why this is needed is explained in appropriate patch. This
one only reworks the forget_original_parent() so that after calling this a
task cannot be/become parent of any other task.
We check PF_EXITING instead of ->exit_state while choosing the new parent.
Note that tasklits_lock acts as a barrier, everyone who takes tasklist after
us (when forget_original_parent() drops it) must see PF_EXITING.
The other changes are just cleanups. They just move some code from
exit_notify to forget_original_parent(). It is a bit silly to declare
ptrace_dead in exit_notify(), take tasklist, pass ptrace_dead to
forget_original_parent(), unlock-lock-unlock tasklist, and then use
ptrace_dead.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-19 10:40:00 +04:00
BUG_ON ( ! list_empty ( & father - > children ) ) ;
2009-04-03 03:58:19 +04:00
list_for_each_entry_safe ( p , n , & dead_children , sibling ) {
list_del_init ( & p - > sibling ) ;
2009-04-03 03:58:18 +04:00
release_task ( p ) ;
}
2005-04-17 02:20:36 +04:00
}
/*
* Send signals to all our closest relatives so that they know
* to properly mourn us . .
*/
2008-03-02 21:44:44 +03:00
static void exit_notify ( struct task_struct * tsk , int group_dead )
2005-04-17 02:20:36 +04:00
{
2008-07-26 06:45:54 +04:00
int signal ;
void * cookie ;
2005-04-17 02:20:36 +04:00
/*
* This does two things :
*
* A . Make init inherit all the child processes
* B . Check to see if any process groups have become orphaned
* as a result of our exiting , and if they have any stopped
* jobs , send them a SIGHUP and then a SIGCONT . ( POSIX 3.2 .2 .2 )
*/
pid namespaces: rework forget_original_parent()
A pid namespace is a "view" of a particular set of tasks on the system. They
work in a similar way to filesystem namespaces. A file (or a process) can be
accessed in multiple namespaces, but it may have a different name in each. In
a filesystem, this name might be /etc/passwd in one namespace, but
/chroot/etc/passwd in another.
For processes, a process may have pid 1234 in one namespace, but be pid 1 in
another. This allows new pid namespaces to have basically arbitrary pids, and
not have to worry about what pids exist in other namespaces. This is
essential for checkpoint/restart where a restarted process's pid might collide
with an existing process on the system's pid.
In this particular implementation, pid namespaces have a parent-child
relationship, just like processes. A process in a pid namespace may see all
of the processes in the same namespace, as well as all of the processes in all
of the namespaces which are children of its namespace. Processes may not,
however, see others which are in their parent's namespace, but not in their
own. The same goes for sibling namespaces.
The know issue to be solved in the nearest future is signal handling in the
namespace boundary. That is, currently the namespace's init is treated like
an ordinary task that can be killed from within an namespace. Ideally, the
signal handling by the namespace's init should have two sides: when signaling
the init from its namespace, the init should look like a real init task, i.e.
receive only those signals, that is explicitly wants to; when signaling the
init from one of the parent namespaces, init should look like an ordinary
task, i.e. receive any signal, only taking the general permissions into
account.
The pid namespace was developed by Pavel Emlyanov and Sukadev Bhattiprolu and
we eventually came to almost the same implementation, which differed in some
details. This set is based on Pavel's patches, but it includes comments and
patches that from Sukadev.
Many thanks to Oleg, who reviewed the patches, pointed out many BUGs and made
valuable advises on how to make this set cleaner.
This patch:
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will reparent
theirs for it. Why this is needed is explained in appropriate patch. This
one only reworks the forget_original_parent() so that after calling this a
task cannot be/become parent of any other task.
We check PF_EXITING instead of ->exit_state while choosing the new parent.
Note that tasklits_lock acts as a barrier, everyone who takes tasklist after
us (when forget_original_parent() drops it) must see PF_EXITING.
The other changes are just cleanups. They just move some code from
exit_notify to forget_original_parent(). It is a bit silly to declare
ptrace_dead in exit_notify(), take tasklist, pass ptrace_dead to
forget_original_parent(), unlock-lock-unlock tasklist, and then use
ptrace_dead.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-19 10:40:00 +04:00
forget_original_parent ( tsk ) ;
2007-10-19 10:40:01 +04:00
exit_task_namespaces ( tsk ) ;
2005-04-17 02:20:36 +04:00
pid namespaces: rework forget_original_parent()
A pid namespace is a "view" of a particular set of tasks on the system. They
work in a similar way to filesystem namespaces. A file (or a process) can be
accessed in multiple namespaces, but it may have a different name in each. In
a filesystem, this name might be /etc/passwd in one namespace, but
/chroot/etc/passwd in another.
For processes, a process may have pid 1234 in one namespace, but be pid 1 in
another. This allows new pid namespaces to have basically arbitrary pids, and
not have to worry about what pids exist in other namespaces. This is
essential for checkpoint/restart where a restarted process's pid might collide
with an existing process on the system's pid.
In this particular implementation, pid namespaces have a parent-child
relationship, just like processes. A process in a pid namespace may see all
of the processes in the same namespace, as well as all of the processes in all
of the namespaces which are children of its namespace. Processes may not,
however, see others which are in their parent's namespace, but not in their
own. The same goes for sibling namespaces.
The know issue to be solved in the nearest future is signal handling in the
namespace boundary. That is, currently the namespace's init is treated like
an ordinary task that can be killed from within an namespace. Ideally, the
signal handling by the namespace's init should have two sides: when signaling
the init from its namespace, the init should look like a real init task, i.e.
receive only those signals, that is explicitly wants to; when signaling the
init from one of the parent namespaces, init should look like an ordinary
task, i.e. receive any signal, only taking the general permissions into
account.
The pid namespace was developed by Pavel Emlyanov and Sukadev Bhattiprolu and
we eventually came to almost the same implementation, which differed in some
details. This set is based on Pavel's patches, but it includes comments and
patches that from Sukadev.
Many thanks to Oleg, who reviewed the patches, pointed out many BUGs and made
valuable advises on how to make this set cleaner.
This patch:
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will reparent
theirs for it. Why this is needed is explained in appropriate patch. This
one only reworks the forget_original_parent() so that after calling this a
task cannot be/become parent of any other task.
We check PF_EXITING instead of ->exit_state while choosing the new parent.
Note that tasklits_lock acts as a barrier, everyone who takes tasklist after
us (when forget_original_parent() drops it) must see PF_EXITING.
The other changes are just cleanups. They just move some code from
exit_notify to forget_original_parent(). It is a bit silly to declare
ptrace_dead in exit_notify(), take tasklist, pass ptrace_dead to
forget_original_parent(), unlock-lock-unlock tasklist, and then use
ptrace_dead.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-19 10:40:00 +04:00
write_lock_irq ( & tasklist_lock ) ;
2008-03-02 21:44:44 +03:00
if ( group_dead )
kill_orphaned_pgrp ( tsk - > group_leader , NULL ) ;
2005-04-17 02:20:36 +04:00
2007-08-04 01:04:41 +04:00
/* Let father know we died
2005-04-17 02:20:36 +04:00
*
* Thread signals are configurable , but you aren ' t going to use
2007-10-19 10:39:59 +04:00
* that to send signals to arbitary processes .
2005-04-17 02:20:36 +04:00
* That stops right now .
*
* If the parent exec id doesn ' t match the exec id we saved
* when we started then we know the parent has changed security
* domain .
*
* If our self_exec id doesn ' t match our parent_exec_id then
* we have changed execution domain as these two values started
* the same after a fork .
*/
2008-04-30 11:53:11 +04:00
if ( tsk - > exit_signal ! = SIGCHLD & & ! task_detached ( tsk ) & &
2008-03-02 21:44:40 +03:00
( tsk - > parent_exec_id ! = tsk - > real_parent - > self_exec_id | |
2009-04-06 18:16:02 +04:00
tsk - > self_exec_id ! = tsk - > parent_exec_id ) )
2005-04-17 02:20:36 +04:00
tsk - > exit_signal = SIGCHLD ;
2008-07-26 06:45:54 +04:00
signal = tracehook_notify_death ( tsk , & cookie , group_dead ) ;
2008-07-31 13:04:09 +04:00
if ( signal > = 0 )
2008-07-26 06:45:54 +04:00
signal = do_notify_parent ( tsk , signal ) ;
2005-04-17 02:20:36 +04:00
2008-07-31 13:04:09 +04:00
tsk - > exit_state = signal = = DEATH_REAP ? EXIT_DEAD : EXIT_ZOMBIE ;
2005-04-17 02:20:36 +04:00
2008-04-30 11:53:12 +04:00
/* mt-exec, de_thread() is waiting for us */
2007-10-17 10:27:23 +04:00
if ( thread_group_leader ( tsk ) & &
2008-08-27 02:14:36 +04:00
tsk - > signal - > group_exit_task & &
tsk - > signal - > notify_count < 0 )
2007-10-17 10:27:23 +04:00
wake_up_process ( tsk - > signal - > group_exit_task ) ;
2005-04-17 02:20:36 +04:00
write_unlock_irq ( & tasklist_lock ) ;
2008-07-26 06:45:54 +04:00
tracehook_report_death ( tsk , signal , cookie , group_dead ) ;
2005-04-17 02:20:36 +04:00
/* If the process is dead, release it - nobody will wait for it */
2008-07-31 13:04:09 +04:00
if ( signal = = DEATH_REAP )
2005-04-17 02:20:36 +04:00
release_task ( tsk ) ;
}
2007-07-16 10:38:48 +04:00
# ifdef CONFIG_DEBUG_STACK_USAGE
static void check_stack_usage ( void )
{
static DEFINE_SPINLOCK ( low_water_lock ) ;
static int lowest_to_date = THREAD_SIZE ;
unsigned long free ;
2008-04-23 01:38:23 +04:00
free = stack_not_used ( current ) ;
2007-07-16 10:38:48 +04:00
if ( free > = lowest_to_date )
return ;
spin_lock ( & low_water_lock ) ;
if ( free < lowest_to_date ) {
printk ( KERN_WARNING " %s used greatest stack depth: %lu bytes "
" left \n " ,
current - > comm , free ) ;
lowest_to_date = free ;
}
spin_unlock ( & low_water_lock ) ;
}
# else
static inline void check_stack_usage ( void ) { }
# endif
2008-02-08 15:19:53 +03:00
NORET_TYPE void do_exit ( long code )
2005-04-17 02:20:36 +04:00
{
struct task_struct * tsk = current ;
int group_dead ;
profile_task_exit ( tsk ) ;
2005-06-27 12:55:12 +04:00
WARN_ON ( atomic_read ( & tsk - > fs_excl ) ) ;
2005-04-17 02:20:36 +04:00
if ( unlikely ( in_interrupt ( ) ) )
panic ( " Aiee, killing interrupt handler! " ) ;
if ( unlikely ( ! tsk - > pid ) )
panic ( " Attempted to kill the idle task! " ) ;
2008-07-26 06:45:46 +04:00
tracehook_report_exit ( & code ) ;
2005-04-17 02:20:36 +04:00
2005-06-23 11:09:13 +04:00
/*
* We ' re taking recursive faults here in do_exit . Safest is to just
* leave this task alone and wait for reboot .
*/
if ( unlikely ( tsk - > flags & PF_EXITING ) ) {
printk ( KERN_ALERT
" Fixing recursive fault but reboot is needed! \n " ) ;
2007-06-09 00:47:00 +04:00
/*
* We can do this unlocked here . The futex code uses
* this flag just to verify whether the pi state
* cleanup has been done or not . In the worst case it
* loops once more . We pretend that the cleanup was
* done as there is no way to return . Either the
* OWNER_DIED bit is set by now or we push the blocked
* task into the wait for ever nirwana as well .
*/
tsk - > flags | = PF_EXITPIDONE ;
2005-06-23 11:09:13 +04:00
set_current_state ( TASK_UNINTERRUPTIBLE ) ;
schedule ( ) ;
}
2009-03-23 20:28:15 +03:00
exit_irq_thread ( ) ;
2008-02-08 15:19:12 +03:00
exit_signals ( tsk ) ; /* sets PF_EXITING */
2007-06-09 00:47:00 +04:00
/*
* tsk - > flags are checked in the futex code to protect against
* an exiting task cleaning up the robust pi futexes .
*/
2007-10-17 10:26:47 +04:00
smp_mb ( ) ;
spin_unlock_wait ( & tsk - > pi_lock ) ;
2005-04-17 02:20:36 +04:00
if ( unlikely ( in_atomic ( ) ) )
printk ( KERN_INFO " note: %s[%d] exited with preempt_count %d \n " ,
2007-10-19 10:40:40 +04:00
current - > comm , task_pid_nr ( current ) ,
2005-04-17 02:20:36 +04:00
preempt_count ( ) ) ;
acct_update_integrals ( tsk ) ;
2009-01-07 01:40:29 +03:00
2005-04-17 02:20:36 +04:00
group_dead = atomic_dec_and_test ( & tsk - > signal - > live ) ;
2005-08-05 03:49:32 +04:00
if ( group_dead ) {
2007-06-09 00:47:00 +04:00
hrtimer_cancel ( & tsk - > signal - > real_timer ) ;
2005-10-22 02:03:29 +04:00
exit_itimers ( tsk - > signal ) ;
2005-08-05 03:49:32 +04:00
}
2006-06-25 16:49:25 +04:00
acct_collect ( code , group_dead ) ;
Audit: add TTY input auditing
Add TTY input auditing, used to audit system administrator's actions. This is
required by various security standards such as DCID 6/3 and PCI to provide
non-repudiation of administrator's actions and to allow a review of past
actions if the administrator seems to overstep their duties or if the system
becomes misconfigured for unknown reasons. These requirements do not make it
necessary to audit TTY output as well.
Compared to an user-space keylogger, this approach records TTY input using the
audit subsystem, correlated with other audit events, and it is completely
transparent to the user-space application (e.g. the console ioctls still
work).
TTY input auditing works on a higher level than auditing all system calls
within the session, which would produce an overwhelming amount of mostly
useless audit events.
Add an "audit_tty" attribute, inherited across fork (). Data read from TTYs
by process with the attribute is sent to the audit subsystem by the kernel.
The audit netlink interface is extended to allow modifying the audit_tty
attribute, and to allow sending explanatory audit events from user-space (for
example, a shell might send an event containing the final command, after the
interactive command-line editing and history expansion is performed, which
might be difficult to decipher from the TTY input alone).
Because the "audit_tty" attribute is inherited across fork (), it would be set
e.g. for sshd restarted within an audited session. To prevent this, the
audit_tty attribute is cleared when a process with no open TTY file
descriptors (e.g. after daemon startup) opens a TTY.
See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
more detailed rationale document for an older version of this patch.
[akpm@linux-foundation.org: build fix]
Signed-off-by: Miloslav Trmac <mitr@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Paul Fulghum <paulkf@microgate.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16 10:40:56 +04:00
if ( group_dead )
tty_audit_exit ( ) ;
2006-03-30 05:30:19 +04:00
if ( unlikely ( tsk - > audit_context ) )
audit_free ( tsk ) ;
2006-12-07 07:36:51 +03:00
2007-08-31 10:56:23 +04:00
tsk - > exit_code = code ;
2006-12-07 07:36:51 +03:00
taskstats_exit ( tsk , group_dead ) ;
2006-07-14 11:24:40 +04:00
2005-04-17 02:20:36 +04:00
exit_mm ( tsk ) ;
2006-06-25 16:49:24 +04:00
if ( group_dead )
2006-06-25 16:49:25 +04:00
acct_process ( ) ;
tracing, sched: LTTng instrumentation - scheduler
Instrument the scheduler activity (sched_switch, migration, wakeups,
wait for a task, signal delivery) and process/thread
creation/destruction (fork, exit, kthread stop). Actually, kthread
creation is not instrumented in this patch because it is architecture
dependent. It allows to connect tracers such as ftrace which detects
scheduling latencies, good/bad scheduler decisions. Tools like LTTng can
export this scheduler information along with instrumentation of the rest
of the kernel activity to perform post-mortem analysis on the scheduler
activity.
About the performance impact of tracepoints (which is comparable to
markers), even without immediate values optimizations, tests done by
Hideo Aoki on ia64 show no regression. His test case was using hackbench
on a kernel where scheduler instrumentation (about 5 events in code
scheduler code) was added. See the "Tracepoints" patch header for
performance result detail.
Changelog :
- Change instrumentation location and parameter to match ftrace
instrumentation, previously done with kernel markers.
[ mingo@elte.hu: conflict resolutions ]
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Acked-by: 'Peter Zijlstra' <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-18 20:16:17 +04:00
trace_sched_process_exit ( tsk ) ;
2005-04-17 02:20:36 +04:00
exit_sem ( tsk ) ;
2008-04-22 13:35:42 +04:00
exit_files ( tsk ) ;
exit_fs ( tsk ) ;
2007-07-16 10:38:48 +04:00
check_stack_usage ( ) ;
2005-04-17 02:20:36 +04:00
exit_thread ( ) ;
2007-10-19 10:39:33 +04:00
cgroup_exit ( tsk , 1 ) ;
2005-04-17 02:20:36 +04:00
if ( group_dead & & tsk - > signal - > leader )
disassociate_ctty ( 1 ) ;
2005-11-14 03:06:55 +03:00
module_put ( task_thread_info ( tsk ) - > exec_domain - > module ) ;
2005-04-17 02:20:36 +04:00
if ( tsk - > binfmt )
module_put ( tsk - > binfmt - > module ) ;
2005-11-07 11:59:16 +03:00
proc_exit_connector ( tsk ) ;
2009-05-17 13:08:41 +04:00
/*
* Flush inherited counters to the parent - before the parent
* gets woken up by child - exit notifications .
*/
perf_counter_exit_task ( tsk ) ;
2008-03-02 21:44:44 +03:00
exit_notify ( tsk , group_dead ) ;
2005-04-17 02:20:36 +04:00
# ifdef CONFIG_NUMA
2008-04-28 13:13:08 +04:00
mpol_put ( tsk - > mempolicy ) ;
2005-04-17 02:20:36 +04:00
tsk - > mempolicy = NULL ;
# endif
2008-12-12 15:49:45 +03:00
# ifdef CONFIG_FUTEX
2006-06-27 13:54:58 +04:00
if ( unlikely ( ! list_empty ( & tsk - > pi_state_list ) ) )
exit_pi_state_list ( tsk ) ;
if ( unlikely ( current - > pi_state_cache ) )
kfree ( current - > pi_state_cache ) ;
2007-10-17 10:27:30 +04:00
# endif
2006-01-10 02:59:21 +03:00
/*
2006-07-03 11:24:33 +04:00
* Make sure we are holding no locks :
2006-01-10 02:59:21 +03:00
*/
2006-07-03 11:24:33 +04:00
debug_check_no_locks_held ( tsk ) ;
2007-06-09 00:47:00 +04:00
/*
* We can do this unlocked here . The futex code uses this flag
* just to verify whether the pi state cleanup has been done
* or not . In the worst case it loops once more .
*/
tsk - > flags | = PF_EXITPIDONE ;
2005-04-17 02:20:36 +04:00
2006-02-28 20:51:55 +03:00
if ( tsk - > io_context )
exit_io_context ( ) ;
2006-04-11 15:52:07 +04:00
if ( tsk - > splice_pipe )
__free_pipe_info ( tsk - > splice_pipe ) ;
2005-10-31 02:02:47 +03:00
preempt_disable ( ) ;
2006-09-29 13:01:10 +04:00
/* causes final put_task_struct in finish_task_switch(). */
2006-09-29 13:01:11 +04:00
tsk - > state = TASK_DEAD ;
2005-04-17 02:20:36 +04:00
schedule ( ) ;
BUG ( ) ;
/* Avoid "noreturn function does return". */
2006-09-29 13:00:42 +04:00
for ( ; ; )
cpu_relax ( ) ; /* For when BUG is null */
2005-04-17 02:20:36 +04:00
}
2005-04-23 11:08:00 +04:00
EXPORT_SYMBOL_GPL ( do_exit ) ;
2005-04-17 02:20:36 +04:00
NORET_TYPE void complete_and_exit ( struct completion * comp , long code )
{
if ( comp )
complete ( comp ) ;
2006-09-29 13:01:10 +04:00
2005-04-17 02:20:36 +04:00
do_exit ( code ) ;
}
EXPORT_SYMBOL ( complete_and_exit ) ;
2009-01-14 16:14:09 +03:00
SYSCALL_DEFINE1 ( exit , int , error_code )
2005-04-17 02:20:36 +04:00
{
do_exit ( ( error_code & 0xff ) < < 8 ) ;
}
/*
* Take down every thread in the group . This is called by fatal signals
* as well as by sys_exit_group ( below ) .
*/
NORET_TYPE void
do_group_exit ( int exit_code )
{
2008-04-30 11:52:36 +04:00
struct signal_struct * sig = current - > signal ;
2005-04-17 02:20:36 +04:00
BUG_ON ( exit_code & 0x80 ) ; /* core dumps don't get here */
2008-04-30 11:52:36 +04:00
if ( signal_group_exit ( sig ) )
exit_code = sig - > group_exit_code ;
2005-04-17 02:20:36 +04:00
else if ( ! thread_group_empty ( current ) ) {
struct sighand_struct * const sighand = current - > sighand ;
spin_lock_irq ( & sighand - > siglock ) ;
2008-02-05 09:27:24 +03:00
if ( signal_group_exit ( sig ) )
2005-04-17 02:20:36 +04:00
/* Another thread got here before we took the lock. */
exit_code = sig - > group_exit_code ;
else {
sig - > group_exit_code = exit_code ;
2008-02-05 09:27:24 +03:00
sig - > flags = SIGNAL_GROUP_EXIT ;
2005-04-17 02:20:36 +04:00
zap_other_threads ( current ) ;
}
spin_unlock_irq ( & sighand - > siglock ) ;
}
do_exit ( exit_code ) ;
/* NOTREACHED */
}
/*
* this kills every thread in the thread group . Note that any externally
* wait4 ( ) - ing process will get the correct exit code - even if this
* thread is not the thread group leader .
*/
2009-01-14 16:14:09 +03:00
SYSCALL_DEFINE1 ( exit_group , int , error_code )
2005-04-17 02:20:36 +04:00
{
do_group_exit ( ( error_code & 0xff ) < < 8 ) ;
2009-01-14 16:13:54 +03:00
/* NOTREACHED */
return 0 ;
2005-04-17 02:20:36 +04:00
}
2008-02-08 15:19:14 +03:00
static struct pid * task_pid_type ( struct task_struct * task , enum pid_type type )
{
struct pid * pid = NULL ;
if ( type = = PIDTYPE_PID )
pid = task - > pids [ type ] . pid ;
else if ( type < PIDTYPE_MAX )
pid = task - > group_leader - > pids [ type ] . pid ;
return pid ;
}
static int eligible_child ( enum pid_type type , struct pid * pid , int options ,
struct task_struct * p )
2005-04-17 02:20:36 +04:00
{
2007-05-07 01:50:20 +04:00
int err ;
2008-02-08 15:19:14 +03:00
if ( type < PIDTYPE_MAX ) {
if ( task_pid_type ( p , type ) ! = pid )
2005-04-17 02:20:36 +04:00
return 0 ;
}
/* Wait for all children (clone and not) if __WALL is set;
* otherwise , wait for clone children * only * if __WCLONE is
* set ; otherwise , wait for non - clone children * only * . ( Note :
* A " clone " child here is one that reports to its parent
* using a signal other than SIGCHLD . ) */
if ( ( ( p - > exit_signal ! = SIGCHLD ) ^ ( ( options & __WCLONE ) ! = 0 ) )
& & ! ( options & __WALL ) )
return 0 ;
2007-05-07 01:50:20 +04:00
err = security_task_wait ( p ) ;
2008-03-31 05:41:25 +04:00
if ( err )
return err ;
2005-04-17 02:20:36 +04:00
2008-03-31 05:41:25 +04:00
return 1 ;
2005-04-17 02:20:36 +04:00
}
2006-07-03 11:25:41 +04:00
static int wait_noreap_copyout ( struct task_struct * p , pid_t pid , uid_t uid ,
2005-04-17 02:20:36 +04:00
int why , int status ,
struct siginfo __user * infop ,
struct rusage __user * rusagep )
{
int retval = rusagep ? getrusage ( p , RUSAGE_BOTH , rusagep ) : 0 ;
2006-07-03 11:25:41 +04:00
2005-04-17 02:20:36 +04:00
put_task_struct ( p ) ;
if ( ! retval )
retval = put_user ( SIGCHLD , & infop - > si_signo ) ;
if ( ! retval )
retval = put_user ( 0 , & infop - > si_errno ) ;
if ( ! retval )
retval = put_user ( ( short ) why , & infop - > si_code ) ;
if ( ! retval )
retval = put_user ( pid , & infop - > si_pid ) ;
if ( ! retval )
retval = put_user ( uid , & infop - > si_uid ) ;
if ( ! retval )
retval = put_user ( status , & infop - > si_status ) ;
if ( ! retval )
retval = pid ;
return retval ;
}
/*
* Handle sys_wait4 work for one task in state EXIT_ZOMBIE . We hold
* read_lock ( & tasklist_lock ) on entry . If we return zero , we still hold
* the lock and this task is uninteresting . If we return nonzero , we have
* released the lock and the system call should return .
*/
2008-03-20 05:24:59 +03:00
static int wait_task_zombie ( struct task_struct * p , int options ,
2005-04-17 02:20:36 +04:00
struct siginfo __user * infop ,
int __user * stat_addr , struct rusage __user * ru )
{
unsigned long state ;
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
int retval , status , traced ;
2008-02-08 15:19:20 +03:00
pid_t pid = task_pid_vnr ( p ) ;
2008-11-14 02:39:19 +03:00
uid_t uid = __task_cred ( p ) - > uid ;
2005-04-17 02:20:36 +04:00
2008-03-20 05:24:59 +03:00
if ( ! likely ( options & WEXITED ) )
return 0 ;
if ( unlikely ( options & WNOWAIT ) ) {
2005-04-17 02:20:36 +04:00
int exit_code = p - > exit_code ;
int why , status ;
get_task_struct ( p ) ;
read_unlock ( & tasklist_lock ) ;
if ( ( exit_code & 0x7f ) = = 0 ) {
why = CLD_EXITED ;
status = exit_code > > 8 ;
} else {
why = ( exit_code & 0x80 ) ? CLD_DUMPED : CLD_KILLED ;
status = exit_code & 0x7f ;
}
return wait_noreap_copyout ( p , pid , uid , why ,
status , infop , ru ) ;
}
/*
* Try to move the task ' s state to DEAD
* only one thread is allowed to do this :
*/
state = xchg ( & p - > exit_state , EXIT_DEAD ) ;
if ( state ! = EXIT_ZOMBIE ) {
BUG_ON ( state ! = EXIT_DEAD ) ;
return 0 ;
}
2008-04-30 11:53:13 +04:00
traced = ptrace_reparented ( p ) ;
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
if ( likely ( ! traced ) ) {
2006-01-10 07:54:39 +03:00
struct signal_struct * psig ;
struct signal_struct * sig ;
timers: fix itimer/many thread hang
Overview
This patch reworks the handling of POSIX CPU timers, including the
ITIMER_PROF, ITIMER_VIRT timers and rlimit handling. It was put together
with the help of Roland McGrath, the owner and original writer of this code.
The problem we ran into, and the reason for this rework, has to do with using
a profiling timer in a process with a large number of threads. It appears
that the performance of the old implementation of run_posix_cpu_timers() was
at least O(n*3) (where "n" is the number of threads in a process) or worse.
Everything is fine with an increasing number of threads until the time taken
for that routine to run becomes the same as or greater than the tick time, at
which point things degrade rather quickly.
This patch fixes bug 9906, "Weird hang with NPTL and SIGPROF."
Code Changes
This rework corrects the implementation of run_posix_cpu_timers() to make it
run in constant time for a particular machine. (Performance may vary between
one machine and another depending upon whether the kernel is built as single-
or multiprocessor and, in the latter case, depending upon the number of
running processors.) To do this, at each tick we now update fields in
signal_struct as well as task_struct. The run_posix_cpu_timers() function
uses those fields to make its decisions.
We define a new structure, "task_cputime," to contain user, system and
scheduler times and use these in appropriate places:
struct task_cputime {
cputime_t utime;
cputime_t stime;
unsigned long long sum_exec_runtime;
};
This is included in the structure "thread_group_cputime," which is a new
substructure of signal_struct and which varies for uniprocessor versus
multiprocessor kernels. For uniprocessor kernels, it uses "task_cputime" as
a simple substructure, while for multiprocessor kernels it is a pointer:
struct thread_group_cputime {
struct task_cputime totals;
};
struct thread_group_cputime {
struct task_cputime *totals;
};
We also add a new task_cputime substructure directly to signal_struct, to
cache the earliest expiration of process-wide timers, and task_cputime also
replaces the it_*_expires fields of task_struct (used for earliest expiration
of thread timers). The "thread_group_cputime" structure contains process-wide
timers that are updated via account_user_time() and friends. In the non-SMP
case the structure is a simple aggregator; unfortunately in the SMP case that
simplicity was not achievable due to cache-line contention between CPUs (in
one measured case performance was actually _worse_ on a 16-cpu system than
the same test on a 4-cpu system, due to this contention). For SMP, the
thread_group_cputime counters are maintained as a per-cpu structure allocated
using alloc_percpu(). The timer functions update only the timer field in
the structure corresponding to the running CPU, obtained using per_cpu_ptr().
We define a set of inline functions in sched.h that we use to maintain the
thread_group_cputime structure and hide the differences between UP and SMP
implementations from the rest of the kernel. The thread_group_cputime_init()
function initializes the thread_group_cputime structure for the given task.
The thread_group_cputime_alloc() is a no-op for UP; for SMP it calls the
out-of-line function thread_group_cputime_alloc_smp() to allocate and fill
in the per-cpu structures and fields. The thread_group_cputime_free()
function, also a no-op for UP, in SMP frees the per-cpu structures. The
thread_group_cputime_clone_thread() function (also a UP no-op) for SMP calls
thread_group_cputime_alloc() if the per-cpu structures haven't yet been
allocated. The thread_group_cputime() function fills the task_cputime
structure it is passed with the contents of the thread_group_cputime fields;
in UP it's that simple but in SMP it must also safely check that tsk->signal
is non-NULL (if it is it just uses the appropriate fields of task_struct) and,
if so, sums the per-cpu values for each online CPU. Finally, the three
functions account_group_user_time(), account_group_system_time() and
account_group_exec_runtime() are used by timer functions to update the
respective fields of the thread_group_cputime structure.
Non-SMP operation is trivial and will not be mentioned further.
The per-cpu structure is always allocated when a task creates its first new
thread, via a call to thread_group_cputime_clone_thread() from copy_signal().
It is freed at process exit via a call to thread_group_cputime_free() from
cleanup_signal().
All functions that formerly summed utime/stime/sum_sched_runtime values from
from all threads in the thread group now use thread_group_cputime() to
snapshot the values in the thread_group_cputime structure or the values in
the task structure itself if the per-cpu structure hasn't been allocated.
Finally, the code in kernel/posix-cpu-timers.c has changed quite a bit.
The run_posix_cpu_timers() function has been split into a fast path and a
slow path; the former safely checks whether there are any expired thread
timers and, if not, just returns, while the slow path does the heavy lifting.
With the dedicated thread group fields, timers are no longer "rebalanced" and
the process_timer_rebalance() function and related code has gone away. All
summing loops are gone and all code that used them now uses the
thread_group_cputime() inline. When process-wide timers are set, the new
task_cputime structure in signal_struct is used to cache the earliest
expiration; this is checked in the fast path.
Performance
The fix appears not to add significant overhead to existing operations. It
generally performs the same as the current code except in two cases, one in
which it performs slightly worse (Case 5 below) and one in which it performs
very significantly better (Case 2 below). Overall it's a wash except in those
two cases.
I've since done somewhat more involved testing on a dual-core Opteron system.
Case 1: With no itimer running, for a test with 100,000 threads, the fixed
kernel took 1428.5 seconds, 513 seconds more than the unfixed system,
all of which was spent in the system. There were twice as many
voluntary context switches with the fix as without it.
Case 2: With an itimer running at .01 second ticks and 4000 threads (the most
an unmodified kernel can handle), the fixed kernel ran the test in
eight percent of the time (5.8 seconds as opposed to 70 seconds) and
had better tick accuracy (.012 seconds per tick as opposed to .023
seconds per tick).
Case 3: A 4000-thread test with an initial timer tick of .01 second and an
interval of 10,000 seconds (i.e. a timer that ticks only once) had
very nearly the same performance in both cases: 6.3 seconds elapsed
for the fixed kernel versus 5.5 seconds for the unfixed kernel.
With fewer threads (eight in these tests), the Case 1 test ran in essentially
the same time on both the modified and unmodified kernels (5.2 seconds versus
5.8 seconds). The Case 2 test ran in about the same time as well, 5.9 seconds
versus 5.4 seconds but again with much better tick accuracy, .013 seconds per
tick versus .025 seconds per tick for the unmodified kernel.
Since the fix affected the rlimit code, I also tested soft and hard CPU limits.
Case 4: With a hard CPU limit of 20 seconds and eight threads (and an itimer
running), the modified kernel was very slightly favored in that while
it killed the process in 19.997 seconds of CPU time (5.002 seconds of
wall time), only .003 seconds of that was system time, the rest was
user time. The unmodified kernel killed the process in 20.001 seconds
of CPU (5.014 seconds of wall time) of which .016 seconds was system
time. Really, though, the results were too close to call. The results
were essentially the same with no itimer running.
Case 5: With a soft limit of 20 seconds and a hard limit of 2000 seconds
(where the hard limit would never be reached) and an itimer running,
the modified kernel exhibited worse tick accuracy than the unmodified
kernel: .050 seconds/tick versus .028 seconds/tick. Otherwise,
performance was almost indistinguishable. With no itimer running this
test exhibited virtually identical behavior and times in both cases.
In times past I did some limited performance testing. those results are below.
On a four-cpu Opteron system without this fix, a sixteen-thread test executed
in 3569.991 seconds, of which user was 3568.435s and system was 1.556s. On
the same system with the fix, user and elapsed time were about the same, but
system time dropped to 0.007 seconds. Performance with eight, four and one
thread were comparable. Interestingly, the timer ticks with the fix seemed
more accurate: The sixteen-thread test with the fix received 149543 ticks
for 0.024 seconds per tick, while the same test without the fix received 58720
for 0.061 seconds per tick. Both cases were configured for an interval of
0.01 seconds. Again, the other tests were comparable. Each thread in this
test computed the primes up to 25,000,000.
I also did a test with a large number of threads, 100,000 threads, which is
impossible without the fix. In this case each thread computed the primes only
up to 10,000 (to make the runtime manageable). System time dominated, at
1546.968 seconds out of a total 2176.906 seconds (giving a user time of
629.938s). It received 147651 ticks for 0.015 seconds per tick, still quite
accurate. There is obviously no comparable test without the fix.
Signed-off-by: Frank Mayhar <fmayhar@google.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-09-12 20:54:39 +04:00
struct task_cputime cputime ;
2006-01-10 07:54:39 +03:00
2005-04-17 02:20:36 +04:00
/*
* The resource counters for the group leader are in its
* own task_struct . Those for dead threads in the group
* are in its signal_struct , as are those for the child
* processes it has previously reaped . All these
* accumulate in the parent ' s signal_struct c * fields .
*
* We don ' t bother to take a lock here to protect these
* p - > signal fields , because they are only touched by
* __exit_signal , which runs with tasklist_lock
* write - locked anyway , and so is excluded here . We do
* need to protect the access to p - > parent - > signal fields ,
* as other threads in the parent group can be right
* here reaping other children at the same time .
timers: fix itimer/many thread hang
Overview
This patch reworks the handling of POSIX CPU timers, including the
ITIMER_PROF, ITIMER_VIRT timers and rlimit handling. It was put together
with the help of Roland McGrath, the owner and original writer of this code.
The problem we ran into, and the reason for this rework, has to do with using
a profiling timer in a process with a large number of threads. It appears
that the performance of the old implementation of run_posix_cpu_timers() was
at least O(n*3) (where "n" is the number of threads in a process) or worse.
Everything is fine with an increasing number of threads until the time taken
for that routine to run becomes the same as or greater than the tick time, at
which point things degrade rather quickly.
This patch fixes bug 9906, "Weird hang with NPTL and SIGPROF."
Code Changes
This rework corrects the implementation of run_posix_cpu_timers() to make it
run in constant time for a particular machine. (Performance may vary between
one machine and another depending upon whether the kernel is built as single-
or multiprocessor and, in the latter case, depending upon the number of
running processors.) To do this, at each tick we now update fields in
signal_struct as well as task_struct. The run_posix_cpu_timers() function
uses those fields to make its decisions.
We define a new structure, "task_cputime," to contain user, system and
scheduler times and use these in appropriate places:
struct task_cputime {
cputime_t utime;
cputime_t stime;
unsigned long long sum_exec_runtime;
};
This is included in the structure "thread_group_cputime," which is a new
substructure of signal_struct and which varies for uniprocessor versus
multiprocessor kernels. For uniprocessor kernels, it uses "task_cputime" as
a simple substructure, while for multiprocessor kernels it is a pointer:
struct thread_group_cputime {
struct task_cputime totals;
};
struct thread_group_cputime {
struct task_cputime *totals;
};
We also add a new task_cputime substructure directly to signal_struct, to
cache the earliest expiration of process-wide timers, and task_cputime also
replaces the it_*_expires fields of task_struct (used for earliest expiration
of thread timers). The "thread_group_cputime" structure contains process-wide
timers that are updated via account_user_time() and friends. In the non-SMP
case the structure is a simple aggregator; unfortunately in the SMP case that
simplicity was not achievable due to cache-line contention between CPUs (in
one measured case performance was actually _worse_ on a 16-cpu system than
the same test on a 4-cpu system, due to this contention). For SMP, the
thread_group_cputime counters are maintained as a per-cpu structure allocated
using alloc_percpu(). The timer functions update only the timer field in
the structure corresponding to the running CPU, obtained using per_cpu_ptr().
We define a set of inline functions in sched.h that we use to maintain the
thread_group_cputime structure and hide the differences between UP and SMP
implementations from the rest of the kernel. The thread_group_cputime_init()
function initializes the thread_group_cputime structure for the given task.
The thread_group_cputime_alloc() is a no-op for UP; for SMP it calls the
out-of-line function thread_group_cputime_alloc_smp() to allocate and fill
in the per-cpu structures and fields. The thread_group_cputime_free()
function, also a no-op for UP, in SMP frees the per-cpu structures. The
thread_group_cputime_clone_thread() function (also a UP no-op) for SMP calls
thread_group_cputime_alloc() if the per-cpu structures haven't yet been
allocated. The thread_group_cputime() function fills the task_cputime
structure it is passed with the contents of the thread_group_cputime fields;
in UP it's that simple but in SMP it must also safely check that tsk->signal
is non-NULL (if it is it just uses the appropriate fields of task_struct) and,
if so, sums the per-cpu values for each online CPU. Finally, the three
functions account_group_user_time(), account_group_system_time() and
account_group_exec_runtime() are used by timer functions to update the
respective fields of the thread_group_cputime structure.
Non-SMP operation is trivial and will not be mentioned further.
The per-cpu structure is always allocated when a task creates its first new
thread, via a call to thread_group_cputime_clone_thread() from copy_signal().
It is freed at process exit via a call to thread_group_cputime_free() from
cleanup_signal().
All functions that formerly summed utime/stime/sum_sched_runtime values from
from all threads in the thread group now use thread_group_cputime() to
snapshot the values in the thread_group_cputime structure or the values in
the task structure itself if the per-cpu structure hasn't been allocated.
Finally, the code in kernel/posix-cpu-timers.c has changed quite a bit.
The run_posix_cpu_timers() function has been split into a fast path and a
slow path; the former safely checks whether there are any expired thread
timers and, if not, just returns, while the slow path does the heavy lifting.
With the dedicated thread group fields, timers are no longer "rebalanced" and
the process_timer_rebalance() function and related code has gone away. All
summing loops are gone and all code that used them now uses the
thread_group_cputime() inline. When process-wide timers are set, the new
task_cputime structure in signal_struct is used to cache the earliest
expiration; this is checked in the fast path.
Performance
The fix appears not to add significant overhead to existing operations. It
generally performs the same as the current code except in two cases, one in
which it performs slightly worse (Case 5 below) and one in which it performs
very significantly better (Case 2 below). Overall it's a wash except in those
two cases.
I've since done somewhat more involved testing on a dual-core Opteron system.
Case 1: With no itimer running, for a test with 100,000 threads, the fixed
kernel took 1428.5 seconds, 513 seconds more than the unfixed system,
all of which was spent in the system. There were twice as many
voluntary context switches with the fix as without it.
Case 2: With an itimer running at .01 second ticks and 4000 threads (the most
an unmodified kernel can handle), the fixed kernel ran the test in
eight percent of the time (5.8 seconds as opposed to 70 seconds) and
had better tick accuracy (.012 seconds per tick as opposed to .023
seconds per tick).
Case 3: A 4000-thread test with an initial timer tick of .01 second and an
interval of 10,000 seconds (i.e. a timer that ticks only once) had
very nearly the same performance in both cases: 6.3 seconds elapsed
for the fixed kernel versus 5.5 seconds for the unfixed kernel.
With fewer threads (eight in these tests), the Case 1 test ran in essentially
the same time on both the modified and unmodified kernels (5.2 seconds versus
5.8 seconds). The Case 2 test ran in about the same time as well, 5.9 seconds
versus 5.4 seconds but again with much better tick accuracy, .013 seconds per
tick versus .025 seconds per tick for the unmodified kernel.
Since the fix affected the rlimit code, I also tested soft and hard CPU limits.
Case 4: With a hard CPU limit of 20 seconds and eight threads (and an itimer
running), the modified kernel was very slightly favored in that while
it killed the process in 19.997 seconds of CPU time (5.002 seconds of
wall time), only .003 seconds of that was system time, the rest was
user time. The unmodified kernel killed the process in 20.001 seconds
of CPU (5.014 seconds of wall time) of which .016 seconds was system
time. Really, though, the results were too close to call. The results
were essentially the same with no itimer running.
Case 5: With a soft limit of 20 seconds and a hard limit of 2000 seconds
(where the hard limit would never be reached) and an itimer running,
the modified kernel exhibited worse tick accuracy than the unmodified
kernel: .050 seconds/tick versus .028 seconds/tick. Otherwise,
performance was almost indistinguishable. With no itimer running this
test exhibited virtually identical behavior and times in both cases.
In times past I did some limited performance testing. those results are below.
On a four-cpu Opteron system without this fix, a sixteen-thread test executed
in 3569.991 seconds, of which user was 3568.435s and system was 1.556s. On
the same system with the fix, user and elapsed time were about the same, but
system time dropped to 0.007 seconds. Performance with eight, four and one
thread were comparable. Interestingly, the timer ticks with the fix seemed
more accurate: The sixteen-thread test with the fix received 149543 ticks
for 0.024 seconds per tick, while the same test without the fix received 58720
for 0.061 seconds per tick. Both cases were configured for an interval of
0.01 seconds. Again, the other tests were comparable. Each thread in this
test computed the primes up to 25,000,000.
I also did a test with a large number of threads, 100,000 threads, which is
impossible without the fix. In this case each thread computed the primes only
up to 10,000 (to make the runtime manageable). System time dominated, at
1546.968 seconds out of a total 2176.906 seconds (giving a user time of
629.938s). It received 147651 ticks for 0.015 seconds per tick, still quite
accurate. There is obviously no comparable test without the fix.
Signed-off-by: Frank Mayhar <fmayhar@google.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-09-12 20:54:39 +04:00
*
* We use thread_group_cputime ( ) to get times for the thread
* group , which consolidates times for all threads in the
* group including the group leader .
2005-04-17 02:20:36 +04:00
*/
2008-11-17 17:40:08 +03:00
thread_group_cputime ( p , & cputime ) ;
2005-04-17 02:20:36 +04:00
spin_lock_irq ( & p - > parent - > sighand - > siglock ) ;
2006-01-10 07:54:39 +03:00
psig = p - > parent - > signal ;
sig = p - > signal ;
psig - > cutime =
cputime_add ( psig - > cutime ,
timers: fix itimer/many thread hang
Overview
This patch reworks the handling of POSIX CPU timers, including the
ITIMER_PROF, ITIMER_VIRT timers and rlimit handling. It was put together
with the help of Roland McGrath, the owner and original writer of this code.
The problem we ran into, and the reason for this rework, has to do with using
a profiling timer in a process with a large number of threads. It appears
that the performance of the old implementation of run_posix_cpu_timers() was
at least O(n*3) (where "n" is the number of threads in a process) or worse.
Everything is fine with an increasing number of threads until the time taken
for that routine to run becomes the same as or greater than the tick time, at
which point things degrade rather quickly.
This patch fixes bug 9906, "Weird hang with NPTL and SIGPROF."
Code Changes
This rework corrects the implementation of run_posix_cpu_timers() to make it
run in constant time for a particular machine. (Performance may vary between
one machine and another depending upon whether the kernel is built as single-
or multiprocessor and, in the latter case, depending upon the number of
running processors.) To do this, at each tick we now update fields in
signal_struct as well as task_struct. The run_posix_cpu_timers() function
uses those fields to make its decisions.
We define a new structure, "task_cputime," to contain user, system and
scheduler times and use these in appropriate places:
struct task_cputime {
cputime_t utime;
cputime_t stime;
unsigned long long sum_exec_runtime;
};
This is included in the structure "thread_group_cputime," which is a new
substructure of signal_struct and which varies for uniprocessor versus
multiprocessor kernels. For uniprocessor kernels, it uses "task_cputime" as
a simple substructure, while for multiprocessor kernels it is a pointer:
struct thread_group_cputime {
struct task_cputime totals;
};
struct thread_group_cputime {
struct task_cputime *totals;
};
We also add a new task_cputime substructure directly to signal_struct, to
cache the earliest expiration of process-wide timers, and task_cputime also
replaces the it_*_expires fields of task_struct (used for earliest expiration
of thread timers). The "thread_group_cputime" structure contains process-wide
timers that are updated via account_user_time() and friends. In the non-SMP
case the structure is a simple aggregator; unfortunately in the SMP case that
simplicity was not achievable due to cache-line contention between CPUs (in
one measured case performance was actually _worse_ on a 16-cpu system than
the same test on a 4-cpu system, due to this contention). For SMP, the
thread_group_cputime counters are maintained as a per-cpu structure allocated
using alloc_percpu(). The timer functions update only the timer field in
the structure corresponding to the running CPU, obtained using per_cpu_ptr().
We define a set of inline functions in sched.h that we use to maintain the
thread_group_cputime structure and hide the differences between UP and SMP
implementations from the rest of the kernel. The thread_group_cputime_init()
function initializes the thread_group_cputime structure for the given task.
The thread_group_cputime_alloc() is a no-op for UP; for SMP it calls the
out-of-line function thread_group_cputime_alloc_smp() to allocate and fill
in the per-cpu structures and fields. The thread_group_cputime_free()
function, also a no-op for UP, in SMP frees the per-cpu structures. The
thread_group_cputime_clone_thread() function (also a UP no-op) for SMP calls
thread_group_cputime_alloc() if the per-cpu structures haven't yet been
allocated. The thread_group_cputime() function fills the task_cputime
structure it is passed with the contents of the thread_group_cputime fields;
in UP it's that simple but in SMP it must also safely check that tsk->signal
is non-NULL (if it is it just uses the appropriate fields of task_struct) and,
if so, sums the per-cpu values for each online CPU. Finally, the three
functions account_group_user_time(), account_group_system_time() and
account_group_exec_runtime() are used by timer functions to update the
respective fields of the thread_group_cputime structure.
Non-SMP operation is trivial and will not be mentioned further.
The per-cpu structure is always allocated when a task creates its first new
thread, via a call to thread_group_cputime_clone_thread() from copy_signal().
It is freed at process exit via a call to thread_group_cputime_free() from
cleanup_signal().
All functions that formerly summed utime/stime/sum_sched_runtime values from
from all threads in the thread group now use thread_group_cputime() to
snapshot the values in the thread_group_cputime structure or the values in
the task structure itself if the per-cpu structure hasn't been allocated.
Finally, the code in kernel/posix-cpu-timers.c has changed quite a bit.
The run_posix_cpu_timers() function has been split into a fast path and a
slow path; the former safely checks whether there are any expired thread
timers and, if not, just returns, while the slow path does the heavy lifting.
With the dedicated thread group fields, timers are no longer "rebalanced" and
the process_timer_rebalance() function and related code has gone away. All
summing loops are gone and all code that used them now uses the
thread_group_cputime() inline. When process-wide timers are set, the new
task_cputime structure in signal_struct is used to cache the earliest
expiration; this is checked in the fast path.
Performance
The fix appears not to add significant overhead to existing operations. It
generally performs the same as the current code except in two cases, one in
which it performs slightly worse (Case 5 below) and one in which it performs
very significantly better (Case 2 below). Overall it's a wash except in those
two cases.
I've since done somewhat more involved testing on a dual-core Opteron system.
Case 1: With no itimer running, for a test with 100,000 threads, the fixed
kernel took 1428.5 seconds, 513 seconds more than the unfixed system,
all of which was spent in the system. There were twice as many
voluntary context switches with the fix as without it.
Case 2: With an itimer running at .01 second ticks and 4000 threads (the most
an unmodified kernel can handle), the fixed kernel ran the test in
eight percent of the time (5.8 seconds as opposed to 70 seconds) and
had better tick accuracy (.012 seconds per tick as opposed to .023
seconds per tick).
Case 3: A 4000-thread test with an initial timer tick of .01 second and an
interval of 10,000 seconds (i.e. a timer that ticks only once) had
very nearly the same performance in both cases: 6.3 seconds elapsed
for the fixed kernel versus 5.5 seconds for the unfixed kernel.
With fewer threads (eight in these tests), the Case 1 test ran in essentially
the same time on both the modified and unmodified kernels (5.2 seconds versus
5.8 seconds). The Case 2 test ran in about the same time as well, 5.9 seconds
versus 5.4 seconds but again with much better tick accuracy, .013 seconds per
tick versus .025 seconds per tick for the unmodified kernel.
Since the fix affected the rlimit code, I also tested soft and hard CPU limits.
Case 4: With a hard CPU limit of 20 seconds and eight threads (and an itimer
running), the modified kernel was very slightly favored in that while
it killed the process in 19.997 seconds of CPU time (5.002 seconds of
wall time), only .003 seconds of that was system time, the rest was
user time. The unmodified kernel killed the process in 20.001 seconds
of CPU (5.014 seconds of wall time) of which .016 seconds was system
time. Really, though, the results were too close to call. The results
were essentially the same with no itimer running.
Case 5: With a soft limit of 20 seconds and a hard limit of 2000 seconds
(where the hard limit would never be reached) and an itimer running,
the modified kernel exhibited worse tick accuracy than the unmodified
kernel: .050 seconds/tick versus .028 seconds/tick. Otherwise,
performance was almost indistinguishable. With no itimer running this
test exhibited virtually identical behavior and times in both cases.
In times past I did some limited performance testing. those results are below.
On a four-cpu Opteron system without this fix, a sixteen-thread test executed
in 3569.991 seconds, of which user was 3568.435s and system was 1.556s. On
the same system with the fix, user and elapsed time were about the same, but
system time dropped to 0.007 seconds. Performance with eight, four and one
thread were comparable. Interestingly, the timer ticks with the fix seemed
more accurate: The sixteen-thread test with the fix received 149543 ticks
for 0.024 seconds per tick, while the same test without the fix received 58720
for 0.061 seconds per tick. Both cases were configured for an interval of
0.01 seconds. Again, the other tests were comparable. Each thread in this
test computed the primes up to 25,000,000.
I also did a test with a large number of threads, 100,000 threads, which is
impossible without the fix. In this case each thread computed the primes only
up to 10,000 (to make the runtime manageable). System time dominated, at
1546.968 seconds out of a total 2176.906 seconds (giving a user time of
629.938s). It received 147651 ticks for 0.015 seconds per tick, still quite
accurate. There is obviously no comparable test without the fix.
Signed-off-by: Frank Mayhar <fmayhar@google.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-09-12 20:54:39 +04:00
cputime_add ( cputime . utime ,
sig - > cutime ) ) ;
2006-01-10 07:54:39 +03:00
psig - > cstime =
cputime_add ( psig - > cstime ,
timers: fix itimer/many thread hang
Overview
This patch reworks the handling of POSIX CPU timers, including the
ITIMER_PROF, ITIMER_VIRT timers and rlimit handling. It was put together
with the help of Roland McGrath, the owner and original writer of this code.
The problem we ran into, and the reason for this rework, has to do with using
a profiling timer in a process with a large number of threads. It appears
that the performance of the old implementation of run_posix_cpu_timers() was
at least O(n*3) (where "n" is the number of threads in a process) or worse.
Everything is fine with an increasing number of threads until the time taken
for that routine to run becomes the same as or greater than the tick time, at
which point things degrade rather quickly.
This patch fixes bug 9906, "Weird hang with NPTL and SIGPROF."
Code Changes
This rework corrects the implementation of run_posix_cpu_timers() to make it
run in constant time for a particular machine. (Performance may vary between
one machine and another depending upon whether the kernel is built as single-
or multiprocessor and, in the latter case, depending upon the number of
running processors.) To do this, at each tick we now update fields in
signal_struct as well as task_struct. The run_posix_cpu_timers() function
uses those fields to make its decisions.
We define a new structure, "task_cputime," to contain user, system and
scheduler times and use these in appropriate places:
struct task_cputime {
cputime_t utime;
cputime_t stime;
unsigned long long sum_exec_runtime;
};
This is included in the structure "thread_group_cputime," which is a new
substructure of signal_struct and which varies for uniprocessor versus
multiprocessor kernels. For uniprocessor kernels, it uses "task_cputime" as
a simple substructure, while for multiprocessor kernels it is a pointer:
struct thread_group_cputime {
struct task_cputime totals;
};
struct thread_group_cputime {
struct task_cputime *totals;
};
We also add a new task_cputime substructure directly to signal_struct, to
cache the earliest expiration of process-wide timers, and task_cputime also
replaces the it_*_expires fields of task_struct (used for earliest expiration
of thread timers). The "thread_group_cputime" structure contains process-wide
timers that are updated via account_user_time() and friends. In the non-SMP
case the structure is a simple aggregator; unfortunately in the SMP case that
simplicity was not achievable due to cache-line contention between CPUs (in
one measured case performance was actually _worse_ on a 16-cpu system than
the same test on a 4-cpu system, due to this contention). For SMP, the
thread_group_cputime counters are maintained as a per-cpu structure allocated
using alloc_percpu(). The timer functions update only the timer field in
the structure corresponding to the running CPU, obtained using per_cpu_ptr().
We define a set of inline functions in sched.h that we use to maintain the
thread_group_cputime structure and hide the differences between UP and SMP
implementations from the rest of the kernel. The thread_group_cputime_init()
function initializes the thread_group_cputime structure for the given task.
The thread_group_cputime_alloc() is a no-op for UP; for SMP it calls the
out-of-line function thread_group_cputime_alloc_smp() to allocate and fill
in the per-cpu structures and fields. The thread_group_cputime_free()
function, also a no-op for UP, in SMP frees the per-cpu structures. The
thread_group_cputime_clone_thread() function (also a UP no-op) for SMP calls
thread_group_cputime_alloc() if the per-cpu structures haven't yet been
allocated. The thread_group_cputime() function fills the task_cputime
structure it is passed with the contents of the thread_group_cputime fields;
in UP it's that simple but in SMP it must also safely check that tsk->signal
is non-NULL (if it is it just uses the appropriate fields of task_struct) and,
if so, sums the per-cpu values for each online CPU. Finally, the three
functions account_group_user_time(), account_group_system_time() and
account_group_exec_runtime() are used by timer functions to update the
respective fields of the thread_group_cputime structure.
Non-SMP operation is trivial and will not be mentioned further.
The per-cpu structure is always allocated when a task creates its first new
thread, via a call to thread_group_cputime_clone_thread() from copy_signal().
It is freed at process exit via a call to thread_group_cputime_free() from
cleanup_signal().
All functions that formerly summed utime/stime/sum_sched_runtime values from
from all threads in the thread group now use thread_group_cputime() to
snapshot the values in the thread_group_cputime structure or the values in
the task structure itself if the per-cpu structure hasn't been allocated.
Finally, the code in kernel/posix-cpu-timers.c has changed quite a bit.
The run_posix_cpu_timers() function has been split into a fast path and a
slow path; the former safely checks whether there are any expired thread
timers and, if not, just returns, while the slow path does the heavy lifting.
With the dedicated thread group fields, timers are no longer "rebalanced" and
the process_timer_rebalance() function and related code has gone away. All
summing loops are gone and all code that used them now uses the
thread_group_cputime() inline. When process-wide timers are set, the new
task_cputime structure in signal_struct is used to cache the earliest
expiration; this is checked in the fast path.
Performance
The fix appears not to add significant overhead to existing operations. It
generally performs the same as the current code except in two cases, one in
which it performs slightly worse (Case 5 below) and one in which it performs
very significantly better (Case 2 below). Overall it's a wash except in those
two cases.
I've since done somewhat more involved testing on a dual-core Opteron system.
Case 1: With no itimer running, for a test with 100,000 threads, the fixed
kernel took 1428.5 seconds, 513 seconds more than the unfixed system,
all of which was spent in the system. There were twice as many
voluntary context switches with the fix as without it.
Case 2: With an itimer running at .01 second ticks and 4000 threads (the most
an unmodified kernel can handle), the fixed kernel ran the test in
eight percent of the time (5.8 seconds as opposed to 70 seconds) and
had better tick accuracy (.012 seconds per tick as opposed to .023
seconds per tick).
Case 3: A 4000-thread test with an initial timer tick of .01 second and an
interval of 10,000 seconds (i.e. a timer that ticks only once) had
very nearly the same performance in both cases: 6.3 seconds elapsed
for the fixed kernel versus 5.5 seconds for the unfixed kernel.
With fewer threads (eight in these tests), the Case 1 test ran in essentially
the same time on both the modified and unmodified kernels (5.2 seconds versus
5.8 seconds). The Case 2 test ran in about the same time as well, 5.9 seconds
versus 5.4 seconds but again with much better tick accuracy, .013 seconds per
tick versus .025 seconds per tick for the unmodified kernel.
Since the fix affected the rlimit code, I also tested soft and hard CPU limits.
Case 4: With a hard CPU limit of 20 seconds and eight threads (and an itimer
running), the modified kernel was very slightly favored in that while
it killed the process in 19.997 seconds of CPU time (5.002 seconds of
wall time), only .003 seconds of that was system time, the rest was
user time. The unmodified kernel killed the process in 20.001 seconds
of CPU (5.014 seconds of wall time) of which .016 seconds was system
time. Really, though, the results were too close to call. The results
were essentially the same with no itimer running.
Case 5: With a soft limit of 20 seconds and a hard limit of 2000 seconds
(where the hard limit would never be reached) and an itimer running,
the modified kernel exhibited worse tick accuracy than the unmodified
kernel: .050 seconds/tick versus .028 seconds/tick. Otherwise,
performance was almost indistinguishable. With no itimer running this
test exhibited virtually identical behavior and times in both cases.
In times past I did some limited performance testing. those results are below.
On a four-cpu Opteron system without this fix, a sixteen-thread test executed
in 3569.991 seconds, of which user was 3568.435s and system was 1.556s. On
the same system with the fix, user and elapsed time were about the same, but
system time dropped to 0.007 seconds. Performance with eight, four and one
thread were comparable. Interestingly, the timer ticks with the fix seemed
more accurate: The sixteen-thread test with the fix received 149543 ticks
for 0.024 seconds per tick, while the same test without the fix received 58720
for 0.061 seconds per tick. Both cases were configured for an interval of
0.01 seconds. Again, the other tests were comparable. Each thread in this
test computed the primes up to 25,000,000.
I also did a test with a large number of threads, 100,000 threads, which is
impossible without the fix. In this case each thread computed the primes only
up to 10,000 (to make the runtime manageable). System time dominated, at
1546.968 seconds out of a total 2176.906 seconds (giving a user time of
629.938s). It received 147651 ticks for 0.015 seconds per tick, still quite
accurate. There is obviously no comparable test without the fix.
Signed-off-by: Frank Mayhar <fmayhar@google.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-09-12 20:54:39 +04:00
cputime_add ( cputime . stime ,
sig - > cstime ) ) ;
2007-10-15 19:00:19 +04:00
psig - > cgtime =
cputime_add ( psig - > cgtime ,
cputime_add ( p - > gtime ,
cputime_add ( sig - > gtime ,
sig - > cgtime ) ) ) ;
2006-01-10 07:54:39 +03:00
psig - > cmin_flt + =
p - > min_flt + sig - > min_flt + sig - > cmin_flt ;
psig - > cmaj_flt + =
p - > maj_flt + sig - > maj_flt + sig - > cmaj_flt ;
psig - > cnvcsw + =
p - > nvcsw + sig - > nvcsw + sig - > cnvcsw ;
psig - > cnivcsw + =
p - > nivcsw + sig - > nivcsw + sig - > cnivcsw ;
2007-05-11 09:22:37 +04:00
psig - > cinblock + =
task_io_get_inblock ( p ) +
sig - > inblock + sig - > cinblock ;
psig - > coublock + =
task_io_get_oublock ( p ) +
sig - > oublock + sig - > coublock ;
2008-07-27 19:29:15 +04:00
task_io_accounting_add ( & psig - > ioac , & p - > ioac ) ;
task_io_accounting_add ( & psig - > ioac , & sig - > ioac ) ;
2005-04-17 02:20:36 +04:00
spin_unlock_irq ( & p - > parent - > sighand - > siglock ) ;
}
/*
* Now we are sure this task is interesting , and no other
* thread can reap it because we set its state to EXIT_DEAD .
*/
read_unlock ( & tasklist_lock ) ;
retval = ru ? getrusage ( p , RUSAGE_BOTH , ru ) : 0 ;
status = ( p - > signal - > flags & SIGNAL_GROUP_EXIT )
? p - > signal - > group_exit_code : p - > exit_code ;
if ( ! retval & & stat_addr )
retval = put_user ( status , stat_addr ) ;
if ( ! retval & & infop )
retval = put_user ( SIGCHLD , & infop - > si_signo ) ;
if ( ! retval & & infop )
retval = put_user ( 0 , & infop - > si_errno ) ;
if ( ! retval & & infop ) {
int why ;
if ( ( status & 0x7f ) = = 0 ) {
why = CLD_EXITED ;
status > > = 8 ;
} else {
why = ( status & 0x80 ) ? CLD_DUMPED : CLD_KILLED ;
status & = 0x7f ;
}
retval = put_user ( ( short ) why , & infop - > si_code ) ;
if ( ! retval )
retval = put_user ( status , & infop - > si_status ) ;
}
if ( ! retval & & infop )
2008-02-08 15:19:07 +03:00
retval = put_user ( pid , & infop - > si_pid ) ;
2005-04-17 02:20:36 +04:00
if ( ! retval & & infop )
2008-11-14 02:39:19 +03:00
retval = put_user ( uid , & infop - > si_uid ) ;
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
if ( ! retval )
2008-02-08 15:19:07 +03:00
retval = pid ;
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
if ( traced ) {
2005-04-17 02:20:36 +04:00
write_lock_irq ( & tasklist_lock ) ;
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
/* We dropped tasklist, ptracer could die and untrace */
ptrace_unlink ( p ) ;
/*
* If this is not a detached task , notify the parent .
* If it ' s still not detached after that , don ' t release
* it now .
*/
2008-04-30 11:53:11 +04:00
if ( ! task_detached ( p ) ) {
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
do_notify_parent ( p , p - > exit_signal ) ;
2008-04-30 11:53:11 +04:00
if ( ! task_detached ( p ) ) {
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
p - > exit_state = EXIT_ZOMBIE ;
p = NULL ;
2005-04-17 02:20:36 +04:00
}
}
write_unlock_irq ( & tasklist_lock ) ;
}
if ( p ! = NULL )
release_task ( p ) ;
wait_task_zombie: fix 2/3 races vs forget_original_parent()
Two threads, T1 and T2. T2 ptraces P, and P is not a child of ptracer's
thread group. P exits and goes to TASK_ZOMBIE.
T1 does wait_task_zombie(P):
P->exit_state = TASK_DEAD;
...
read_unlock(&tasklist_lock);
T2 does exit(), takes tasklist,
forget_original_parent() does
__ptrace_unlink(P) but doesn't
call do_notify_parent(P) because
p->exit_state == EXIT_DEAD.
Now, P is not visible to our process: __ptrace_unlink() removed it from
->children. We should send notification to P->parent and release P if and
only if SIGCHLD is ignored.
And we have 3 bugs:
1. P->parent does do_wait() and gets -ECHILD (P is on ->parent->children,
but its state is TASK_DEAD).
2. // wait_task_zombie() continues
if (put_user(...)) {
// TODO: is this safe?
p->exit_state = EXIT_ZOMBIE;
return;
}
we return without notification/release, task_struct leaked.
Solution: ignore -EFAULT and proceed. It is an application's bug if
we can't fill infop/stat_addr (in case of VM_FAULT_OOM we have much
more problems).
3. // wait_task_zombie() continues
if (p->real_parent != p->parent) {
// Not taken, it was untraced'ed
...
}
release_task(p);
we released the task which we shouldn't.
Solution: check ->real_parent != ->parent before, under tasklist_lock,
but use ptrace_unlink() instead of __ptrace_unlink() to check ->ptrace.
This patch hopefully solves 2 and 3, the 1st bug will be fixed later, we need
some cleanups in forget_original_parent/reparent_thread.
However, the first race is very unlikely and not critical, so I hope it makes
sense to fix 1 and 2 for now.
4. Small cleanup: don't "restore" EXIT_ZOMBIE unless we know we are not going
to realease the child.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 10:26:58 +04:00
2005-04-17 02:20:36 +04:00
return retval ;
}
do_wait: fix waiting for the group stop with the dead leader
do_wait(WSTOPPED) assumes that p->state must be == TASK_STOPPED, this is
not true if the leader is already dead. Check SIGNAL_STOP_STOPPED instead
and use signal->group_exit_code.
Trivial test-case:
void *tfunc(void *arg)
{
pause();
return NULL;
}
int main(void)
{
pthread_t thr;
pthread_create(&thr, NULL, tfunc, NULL);
pthread_exit(NULL);
return 0;
}
It doesn't react to ^Z (and then to ^C or ^\). The task is stopped, but
bash can't see this.
The bug is very old, and it was reported multiple times. This patch was sent
more than a year ago (http://marc.info/?t=119713920000003) but it was ignored.
This change also fixes other oddities (but not all) in this area. For
example, before this patch:
$ sleep 100
^Z
[1]+ Stopped sleep 100
$ strace -p `pidof sleep`
Process 11442 attached - interrupt to quit
strace hangs in do_wait(), because ->exit_code was already consumed by
bash. After this patch, strace happily proceeds:
--- SIGTSTP (Stopped) @ 0 (0) ---
restart_syscall(<... resuming interrupted call ...>
To me, this looks much more "natural" and correct.
Another example. Let's suppose we have the main thread M and sub-thread
T, the process is stopped, and its parent did wait(WSTOPPED). Now we can
ptrace T but not M. This looks at least strange to me.
Imho, do_wait() should not confuse the per-thread ptrace stops with the
per-process job control stops.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: Kaz Kylheku <kkylheku@gmail.com>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-03 03:57:58 +04:00
static int * task_stopped_code ( struct task_struct * p , bool ptrace )
{
if ( ptrace ) {
if ( task_is_stopped_or_traced ( p ) )
return & p - > exit_code ;
} else {
if ( p - > signal - > flags & SIGNAL_STOP_STOPPED )
return & p - > signal - > group_exit_code ;
}
return NULL ;
}
2005-04-17 02:20:36 +04:00
/*
* Handle sys_wait4 work for one task in state TASK_STOPPED . We hold
* read_lock ( & tasklist_lock ) on entry . If we return zero , we still hold
* the lock and this task is uninteresting . If we return nonzero , we have
* released the lock and the system call should return .
*/
2008-03-25 04:36:23 +03:00
static int wait_task_stopped ( int ptrace , struct task_struct * p ,
2008-03-20 05:24:59 +03:00
int options , struct siginfo __user * infop ,
2005-04-17 02:20:36 +04:00
int __user * stat_addr , struct rusage __user * ru )
{
do_wait: fix waiting for the group stop with the dead leader
do_wait(WSTOPPED) assumes that p->state must be == TASK_STOPPED, this is
not true if the leader is already dead. Check SIGNAL_STOP_STOPPED instead
and use signal->group_exit_code.
Trivial test-case:
void *tfunc(void *arg)
{
pause();
return NULL;
}
int main(void)
{
pthread_t thr;
pthread_create(&thr, NULL, tfunc, NULL);
pthread_exit(NULL);
return 0;
}
It doesn't react to ^Z (and then to ^C or ^\). The task is stopped, but
bash can't see this.
The bug is very old, and it was reported multiple times. This patch was sent
more than a year ago (http://marc.info/?t=119713920000003) but it was ignored.
This change also fixes other oddities (but not all) in this area. For
example, before this patch:
$ sleep 100
^Z
[1]+ Stopped sleep 100
$ strace -p `pidof sleep`
Process 11442 attached - interrupt to quit
strace hangs in do_wait(), because ->exit_code was already consumed by
bash. After this patch, strace happily proceeds:
--- SIGTSTP (Stopped) @ 0 (0) ---
restart_syscall(<... resuming interrupted call ...>
To me, this looks much more "natural" and correct.
Another example. Let's suppose we have the main thread M and sub-thread
T, the process is stopped, and its parent did wait(WSTOPPED). Now we can
ptrace T but not M. This looks at least strange to me.
Imho, do_wait() should not confuse the per-thread ptrace stops with the
per-process job control stops.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: Kaz Kylheku <kkylheku@gmail.com>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-03 03:57:58 +04:00
int retval , exit_code , * p_code , why ;
2008-02-08 15:19:01 +03:00
uid_t uid = 0 ; /* unneeded, required by compiler */
2007-11-29 03:21:24 +03:00
pid_t pid ;
2005-04-17 02:20:36 +04:00
2008-03-25 04:36:23 +03:00
if ( ! ( options & WUNTRACED ) )
2008-03-20 05:24:59 +03:00
return 0 ;
2008-02-08 15:19:01 +03:00
exit_code = 0 ;
spin_lock_irq ( & p - > sighand - > siglock ) ;
do_wait: fix waiting for the group stop with the dead leader
do_wait(WSTOPPED) assumes that p->state must be == TASK_STOPPED, this is
not true if the leader is already dead. Check SIGNAL_STOP_STOPPED instead
and use signal->group_exit_code.
Trivial test-case:
void *tfunc(void *arg)
{
pause();
return NULL;
}
int main(void)
{
pthread_t thr;
pthread_create(&thr, NULL, tfunc, NULL);
pthread_exit(NULL);
return 0;
}
It doesn't react to ^Z (and then to ^C or ^\). The task is stopped, but
bash can't see this.
The bug is very old, and it was reported multiple times. This patch was sent
more than a year ago (http://marc.info/?t=119713920000003) but it was ignored.
This change also fixes other oddities (but not all) in this area. For
example, before this patch:
$ sleep 100
^Z
[1]+ Stopped sleep 100
$ strace -p `pidof sleep`
Process 11442 attached - interrupt to quit
strace hangs in do_wait(), because ->exit_code was already consumed by
bash. After this patch, strace happily proceeds:
--- SIGTSTP (Stopped) @ 0 (0) ---
restart_syscall(<... resuming interrupted call ...>
To me, this looks much more "natural" and correct.
Another example. Let's suppose we have the main thread M and sub-thread
T, the process is stopped, and its parent did wait(WSTOPPED). Now we can
ptrace T but not M. This looks at least strange to me.
Imho, do_wait() should not confuse the per-thread ptrace stops with the
per-process job control stops.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: Kaz Kylheku <kkylheku@gmail.com>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-03 03:57:58 +04:00
p_code = task_stopped_code ( p , ptrace ) ;
if ( unlikely ( ! p_code ) )
2008-02-08 15:19:01 +03:00
goto unlock_sig ;
do_wait: fix waiting for the group stop with the dead leader
do_wait(WSTOPPED) assumes that p->state must be == TASK_STOPPED, this is
not true if the leader is already dead. Check SIGNAL_STOP_STOPPED instead
and use signal->group_exit_code.
Trivial test-case:
void *tfunc(void *arg)
{
pause();
return NULL;
}
int main(void)
{
pthread_t thr;
pthread_create(&thr, NULL, tfunc, NULL);
pthread_exit(NULL);
return 0;
}
It doesn't react to ^Z (and then to ^C or ^\). The task is stopped, but
bash can't see this.
The bug is very old, and it was reported multiple times. This patch was sent
more than a year ago (http://marc.info/?t=119713920000003) but it was ignored.
This change also fixes other oddities (but not all) in this area. For
example, before this patch:
$ sleep 100
^Z
[1]+ Stopped sleep 100
$ strace -p `pidof sleep`
Process 11442 attached - interrupt to quit
strace hangs in do_wait(), because ->exit_code was already consumed by
bash. After this patch, strace happily proceeds:
--- SIGTSTP (Stopped) @ 0 (0) ---
restart_syscall(<... resuming interrupted call ...>
To me, this looks much more "natural" and correct.
Another example. Let's suppose we have the main thread M and sub-thread
T, the process is stopped, and its parent did wait(WSTOPPED). Now we can
ptrace T but not M. This looks at least strange to me.
Imho, do_wait() should not confuse the per-thread ptrace stops with the
per-process job control stops.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: Kaz Kylheku <kkylheku@gmail.com>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-03 03:57:58 +04:00
exit_code = * p_code ;
2008-02-08 15:19:01 +03:00
if ( ! exit_code )
goto unlock_sig ;
2008-03-20 05:24:59 +03:00
if ( ! unlikely ( options & WNOWAIT ) )
do_wait: fix waiting for the group stop with the dead leader
do_wait(WSTOPPED) assumes that p->state must be == TASK_STOPPED, this is
not true if the leader is already dead. Check SIGNAL_STOP_STOPPED instead
and use signal->group_exit_code.
Trivial test-case:
void *tfunc(void *arg)
{
pause();
return NULL;
}
int main(void)
{
pthread_t thr;
pthread_create(&thr, NULL, tfunc, NULL);
pthread_exit(NULL);
return 0;
}
It doesn't react to ^Z (and then to ^C or ^\). The task is stopped, but
bash can't see this.
The bug is very old, and it was reported multiple times. This patch was sent
more than a year ago (http://marc.info/?t=119713920000003) but it was ignored.
This change also fixes other oddities (but not all) in this area. For
example, before this patch:
$ sleep 100
^Z
[1]+ Stopped sleep 100
$ strace -p `pidof sleep`
Process 11442 attached - interrupt to quit
strace hangs in do_wait(), because ->exit_code was already consumed by
bash. After this patch, strace happily proceeds:
--- SIGTSTP (Stopped) @ 0 (0) ---
restart_syscall(<... resuming interrupted call ...>
To me, this looks much more "natural" and correct.
Another example. Let's suppose we have the main thread M and sub-thread
T, the process is stopped, and its parent did wait(WSTOPPED). Now we can
ptrace T but not M. This looks at least strange to me.
Imho, do_wait() should not confuse the per-thread ptrace stops with the
per-process job control stops.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: Kaz Kylheku <kkylheku@gmail.com>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-03 03:57:58 +04:00
* p_code = 0 ;
2008-02-08 15:19:01 +03:00
2008-11-14 02:39:19 +03:00
/* don't need the RCU readlock here as we're holding a spinlock */
uid = __task_cred ( p ) - > uid ;
2008-02-08 15:19:01 +03:00
unlock_sig :
spin_unlock_irq ( & p - > sighand - > siglock ) ;
if ( ! exit_code )
2005-04-17 02:20:36 +04:00
return 0 ;
/*
* Now we are pretty sure this task is interesting .
* Make sure it doesn ' t get reaped out from under us while we
* give up the lock and then examine it below . We don ' t want to
* keep holding onto the tasklist_lock while we call getrusage and
* possibly take page faults for user memory .
*/
get_task_struct ( p ) ;
2008-02-08 15:19:20 +03:00
pid = task_pid_vnr ( p ) ;
2008-03-25 04:36:23 +03:00
why = ptrace ? CLD_TRAPPED : CLD_STOPPED ;
2005-04-17 02:20:36 +04:00
read_unlock ( & tasklist_lock ) ;
2008-03-20 05:24:59 +03:00
if ( unlikely ( options & WNOWAIT ) )
2005-04-17 02:20:36 +04:00
return wait_noreap_copyout ( p , pid , uid ,
2007-11-29 03:22:07 +03:00
why , exit_code ,
2005-04-17 02:20:36 +04:00
infop , ru ) ;
retval = ru ? getrusage ( p , RUSAGE_BOTH , ru ) : 0 ;
if ( ! retval & & stat_addr )
retval = put_user ( ( exit_code < < 8 ) | 0x7f , stat_addr ) ;
if ( ! retval & & infop )
retval = put_user ( SIGCHLD , & infop - > si_signo ) ;
if ( ! retval & & infop )
retval = put_user ( 0 , & infop - > si_errno ) ;
if ( ! retval & & infop )
2008-03-08 22:41:22 +03:00
retval = put_user ( ( short ) why , & infop - > si_code ) ;
2005-04-17 02:20:36 +04:00
if ( ! retval & & infop )
retval = put_user ( exit_code , & infop - > si_status ) ;
if ( ! retval & & infop )
2007-11-29 03:21:24 +03:00
retval = put_user ( pid , & infop - > si_pid ) ;
2005-04-17 02:20:36 +04:00
if ( ! retval & & infop )
2008-02-08 15:19:01 +03:00
retval = put_user ( uid , & infop - > si_uid ) ;
2005-04-17 02:20:36 +04:00
if ( ! retval )
2007-11-29 03:21:24 +03:00
retval = pid ;
2005-04-17 02:20:36 +04:00
put_task_struct ( p ) ;
BUG_ON ( ! retval ) ;
return retval ;
}
/*
* Handle do_wait work for one task in a live , non - stopped state .
* read_lock ( & tasklist_lock ) on entry . If we return zero , we still hold
* the lock and this task is uninteresting . If we return nonzero , we have
* released the lock and the system call should return .
*/
2008-03-20 05:24:59 +03:00
static int wait_task_continued ( struct task_struct * p , int options ,
2005-04-17 02:20:36 +04:00
struct siginfo __user * infop ,
int __user * stat_addr , struct rusage __user * ru )
{
int retval ;
pid_t pid ;
uid_t uid ;
2008-03-20 05:24:59 +03:00
if ( ! unlikely ( options & WCONTINUED ) )
return 0 ;
2005-04-17 02:20:36 +04:00
if ( ! ( p - > signal - > flags & SIGNAL_STOP_CONTINUED ) )
return 0 ;
spin_lock_irq ( & p - > sighand - > siglock ) ;
/* Re-check with the lock held. */
if ( ! ( p - > signal - > flags & SIGNAL_STOP_CONTINUED ) ) {
spin_unlock_irq ( & p - > sighand - > siglock ) ;
return 0 ;
}
2008-03-20 05:24:59 +03:00
if ( ! unlikely ( options & WNOWAIT ) )
2005-04-17 02:20:36 +04:00
p - > signal - > flags & = ~ SIGNAL_STOP_CONTINUED ;
2008-11-14 02:39:19 +03:00
uid = __task_cred ( p ) - > uid ;
2005-04-17 02:20:36 +04:00
spin_unlock_irq ( & p - > sighand - > siglock ) ;
2008-02-08 15:19:20 +03:00
pid = task_pid_vnr ( p ) ;
2005-04-17 02:20:36 +04:00
get_task_struct ( p ) ;
read_unlock ( & tasklist_lock ) ;
if ( ! infop ) {
retval = ru ? getrusage ( p , RUSAGE_BOTH , ru ) : 0 ;
put_task_struct ( p ) ;
if ( ! retval & & stat_addr )
retval = put_user ( 0xffff , stat_addr ) ;
if ( ! retval )
2008-02-08 15:19:07 +03:00
retval = pid ;
2005-04-17 02:20:36 +04:00
} else {
retval = wait_noreap_copyout ( p , pid , uid ,
CLD_CONTINUED , SIGCONT ,
infop , ru ) ;
BUG_ON ( retval = = 0 ) ;
}
return retval ;
}
2008-03-20 05:24:59 +03:00
/*
* Consider @ p for a wait by @ parent .
*
* - ECHILD should be in * @ notask_error before the first call .
* Returns nonzero for a final return , when we have unlocked tasklist_lock .
* Returns zero if the search for a child should continue ;
2008-03-31 05:41:25 +04:00
* then * @ notask_error is 0 if @ p is an eligible child ,
* or another error from security_task_wait ( ) , or still - ECHILD .
2008-03-20 05:24:59 +03:00
*/
2008-03-25 04:36:23 +03:00
static int wait_consider_task ( struct task_struct * parent , int ptrace ,
2008-03-20 05:24:59 +03:00
struct task_struct * p , int * notask_error ,
enum pid_type type , struct pid * pid , int options ,
struct siginfo __user * infop ,
int __user * stat_addr , struct rusage __user * ru )
{
int ret = eligible_child ( type , pid , options , p ) ;
2008-03-31 05:41:25 +04:00
if ( ! ret )
2008-03-20 05:24:59 +03:00
return ret ;
2008-03-31 05:41:25 +04:00
if ( unlikely ( ret < 0 ) ) {
/*
* If we have not yet seen any eligible child ,
* then let this error code replace - ECHILD .
* A permission error will give the user a clue
* to look for security policy problems , rather
* than for mysterious wait bugs .
*/
if ( * notask_error )
* notask_error = ret ;
}
2008-03-25 04:36:23 +03:00
if ( likely ( ! ptrace ) & & unlikely ( p - > ptrace ) ) {
/*
* This child is hidden by ptrace .
* We aren ' t allowed to see it now , but eventually we will .
*/
* notask_error = 0 ;
return 0 ;
}
2008-03-20 05:24:59 +03:00
if ( p - > exit_state = = EXIT_DEAD )
return 0 ;
/*
* We don ' t reap group leaders with subthreads .
*/
if ( p - > exit_state = = EXIT_ZOMBIE & & ! delay_group_leader ( p ) )
return wait_task_zombie ( p , options , infop , stat_addr , ru ) ;
/*
* It ' s stopped or running now , so it might
* later continue , exit , or stop again .
*/
* notask_error = 0 ;
do_wait: fix waiting for the group stop with the dead leader
do_wait(WSTOPPED) assumes that p->state must be == TASK_STOPPED, this is
not true if the leader is already dead. Check SIGNAL_STOP_STOPPED instead
and use signal->group_exit_code.
Trivial test-case:
void *tfunc(void *arg)
{
pause();
return NULL;
}
int main(void)
{
pthread_t thr;
pthread_create(&thr, NULL, tfunc, NULL);
pthread_exit(NULL);
return 0;
}
It doesn't react to ^Z (and then to ^C or ^\). The task is stopped, but
bash can't see this.
The bug is very old, and it was reported multiple times. This patch was sent
more than a year ago (http://marc.info/?t=119713920000003) but it was ignored.
This change also fixes other oddities (but not all) in this area. For
example, before this patch:
$ sleep 100
^Z
[1]+ Stopped sleep 100
$ strace -p `pidof sleep`
Process 11442 attached - interrupt to quit
strace hangs in do_wait(), because ->exit_code was already consumed by
bash. After this patch, strace happily proceeds:
--- SIGTSTP (Stopped) @ 0 (0) ---
restart_syscall(<... resuming interrupted call ...>
To me, this looks much more "natural" and correct.
Another example. Let's suppose we have the main thread M and sub-thread
T, the process is stopped, and its parent did wait(WSTOPPED). Now we can
ptrace T but not M. This looks at least strange to me.
Imho, do_wait() should not confuse the per-thread ptrace stops with the
per-process job control stops.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: Kaz Kylheku <kkylheku@gmail.com>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-03 03:57:58 +04:00
if ( task_stopped_code ( p , ptrace ) )
2008-03-25 04:36:23 +03:00
return wait_task_stopped ( ptrace , p , options ,
infop , stat_addr , ru ) ;
2008-03-20 05:24:59 +03:00
return wait_task_continued ( p , options , infop , stat_addr , ru ) ;
}
/*
* Do the work of do_wait ( ) for one thread in the group , @ tsk .
*
* - ECHILD should be in * @ notask_error before the first call .
* Returns nonzero for a final return , when we have unlocked tasklist_lock .
* Returns zero if the search for a child should continue ; then
2008-03-31 05:41:25 +04:00
* * @ notask_error is 0 if there were any eligible children ,
* or another error from security_task_wait ( ) , or still - ECHILD .
2008-03-20 05:24:59 +03:00
*/
static int do_wait_thread ( struct task_struct * tsk , int * notask_error ,
enum pid_type type , struct pid * pid , int options ,
struct siginfo __user * infop , int __user * stat_addr ,
struct rusage __user * ru )
{
struct task_struct * p ;
list_for_each_entry ( p , & tsk - > children , sibling ) {
2008-03-25 04:36:23 +03:00
/*
* Do not consider detached threads .
*/
if ( ! task_detached ( p ) ) {
int ret = wait_consider_task ( tsk , 0 , p , notask_error ,
type , pid , options ,
infop , stat_addr , ru ) ;
if ( ret )
return ret ;
}
2008-03-20 05:24:59 +03:00
}
return 0 ;
}
static int ptrace_do_wait ( struct task_struct * tsk , int * notask_error ,
enum pid_type type , struct pid * pid , int options ,
struct siginfo __user * infop , int __user * stat_addr ,
struct rusage __user * ru )
{
struct task_struct * p ;
/*
2008-03-25 04:36:23 +03:00
* Traditionally we see ptrace ' d stopped tasks regardless of options .
2008-03-20 05:24:59 +03:00
*/
2008-03-25 04:36:23 +03:00
options | = WUNTRACED ;
2008-03-20 05:24:59 +03:00
2008-03-25 04:36:23 +03:00
list_for_each_entry ( p , & tsk - > ptraced , ptrace_entry ) {
int ret = wait_consider_task ( tsk , 1 , p , notask_error ,
type , pid , options ,
infop , stat_addr , ru ) ;
if ( ret )
2008-03-20 05:24:59 +03:00
return ret ;
}
return 0 ;
}
2008-02-08 15:19:14 +03:00
static long do_wait ( enum pid_type type , struct pid * pid , int options ,
struct siginfo __user * infop , int __user * stat_addr ,
struct rusage __user * ru )
2005-04-17 02:20:36 +04:00
{
DECLARE_WAITQUEUE ( wait , current ) ;
struct task_struct * tsk ;
2008-03-20 05:24:59 +03:00
int retval ;
2005-04-17 02:20:36 +04:00
tracing, sched: LTTng instrumentation - scheduler
Instrument the scheduler activity (sched_switch, migration, wakeups,
wait for a task, signal delivery) and process/thread
creation/destruction (fork, exit, kthread stop). Actually, kthread
creation is not instrumented in this patch because it is architecture
dependent. It allows to connect tracers such as ftrace which detects
scheduling latencies, good/bad scheduler decisions. Tools like LTTng can
export this scheduler information along with instrumentation of the rest
of the kernel activity to perform post-mortem analysis on the scheduler
activity.
About the performance impact of tracepoints (which is comparable to
markers), even without immediate values optimizations, tests done by
Hideo Aoki on ia64 show no regression. His test case was using hackbench
on a kernel where scheduler instrumentation (about 5 events in code
scheduler code) was added. See the "Tracepoints" patch header for
performance result detail.
Changelog :
- Change instrumentation location and parameter to match ftrace
instrumentation, previously done with kernel markers.
[ mingo@elte.hu: conflict resolutions ]
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Acked-by: 'Peter Zijlstra' <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-18 20:16:17 +04:00
trace_sched_process_wait ( pid ) ;
2005-04-17 02:20:36 +04:00
add_wait_queue ( & current - > signal - > wait_chldexit , & wait ) ;
repeat :
2008-03-20 05:24:59 +03:00
/*
* If there is nothing that can match our critiera just get out .
* We will clear @ retval to zero if we see any child that might later
* match our criteria , even if we are not able to reap it yet .
*/
2008-02-08 15:19:14 +03:00
retval = - ECHILD ;
if ( ( type < PIDTYPE_MAX ) & & ( ! pid | | hlist_empty ( & pid - > tasks [ type ] ) ) )
goto end ;
2005-04-17 02:20:36 +04:00
current - > state = TASK_INTERRUPTIBLE ;
read_lock ( & tasklist_lock ) ;
tsk = current ;
do {
2008-03-20 05:24:59 +03:00
int tsk_result = do_wait_thread ( tsk , & retval ,
type , pid , options ,
infop , stat_addr , ru ) ;
if ( ! tsk_result )
tsk_result = ptrace_do_wait ( tsk , & retval ,
type , pid , options ,
infop , stat_addr , ru ) ;
if ( tsk_result ) {
/*
* tasklist_lock is unlocked and we have a final result .
*/
retval = tsk_result ;
goto end ;
2005-04-17 02:20:36 +04:00
}
2008-03-20 05:24:59 +03:00
2005-04-17 02:20:36 +04:00
if ( options & __WNOTHREAD )
break ;
tsk = next_thread ( tsk ) ;
2006-06-23 13:06:06 +04:00
BUG_ON ( tsk - > signal ! = current - > signal ) ;
2005-04-17 02:20:36 +04:00
} while ( tsk ! = current ) ;
read_unlock ( & tasklist_lock ) ;
2008-02-08 15:19:06 +03:00
2008-03-20 05:24:59 +03:00
if ( ! retval & & ! ( options & WNOHANG ) ) {
2005-04-17 02:20:36 +04:00
retval = - ERESTARTSYS ;
2008-03-20 05:24:59 +03:00
if ( ! signal_pending ( current ) ) {
schedule ( ) ;
goto repeat ;
}
2005-04-17 02:20:36 +04:00
}
2008-03-20 05:24:59 +03:00
2005-04-17 02:20:36 +04:00
end :
current - > state = TASK_RUNNING ;
remove_wait_queue ( & current - > signal - > wait_chldexit , & wait ) ;
if ( infop ) {
if ( retval > 0 )
2008-02-08 15:19:02 +03:00
retval = 0 ;
2005-04-17 02:20:36 +04:00
else {
/*
* For a WNOHANG return , clear out all the fields
* we would set so the user can easily tell the
* difference .
*/
if ( ! retval )
retval = put_user ( 0 , & infop - > si_signo ) ;
if ( ! retval )
retval = put_user ( 0 , & infop - > si_errno ) ;
if ( ! retval )
retval = put_user ( 0 , & infop - > si_code ) ;
if ( ! retval )
retval = put_user ( 0 , & infop - > si_pid ) ;
if ( ! retval )
retval = put_user ( 0 , & infop - > si_uid ) ;
if ( ! retval )
retval = put_user ( 0 , & infop - > si_status ) ;
}
}
return retval ;
}
2009-01-14 16:14:10 +03:00
SYSCALL_DEFINE5 ( waitid , int , which , pid_t , upid , struct siginfo __user * ,
infop , int , options , struct rusage __user * , ru )
2005-04-17 02:20:36 +04:00
{
2008-02-08 15:19:14 +03:00
struct pid * pid = NULL ;
enum pid_type type ;
2005-04-17 02:20:36 +04:00
long ret ;
if ( options & ~ ( WNOHANG | WNOWAIT | WEXITED | WSTOPPED | WCONTINUED ) )
return - EINVAL ;
if ( ! ( options & ( WEXITED | WSTOPPED | WCONTINUED ) ) )
return - EINVAL ;
switch ( which ) {
case P_ALL :
2008-02-08 15:19:14 +03:00
type = PIDTYPE_MAX ;
2005-04-17 02:20:36 +04:00
break ;
case P_PID :
2008-02-08 15:19:14 +03:00
type = PIDTYPE_PID ;
if ( upid < = 0 )
2005-04-17 02:20:36 +04:00
return - EINVAL ;
break ;
case P_PGID :
2008-02-08 15:19:14 +03:00
type = PIDTYPE_PGID ;
if ( upid < = 0 )
2005-04-17 02:20:36 +04:00
return - EINVAL ;
break ;
default :
return - EINVAL ;
}
2008-02-08 15:19:14 +03:00
if ( type < PIDTYPE_MAX )
pid = find_get_pid ( upid ) ;
ret = do_wait ( type , pid , options , infop , NULL , ru ) ;
put_pid ( pid ) ;
2005-04-17 02:20:36 +04:00
/* avoid REGPARM breakage on x86: */
2008-04-11 02:37:38 +04:00
asmlinkage_protect ( 5 , ret , which , upid , infop , options , ru ) ;
2005-04-17 02:20:36 +04:00
return ret ;
}
2009-01-14 16:14:09 +03:00
SYSCALL_DEFINE4 ( wait4 , pid_t , upid , int __user * , stat_addr ,
int , options , struct rusage __user * , ru )
2005-04-17 02:20:36 +04:00
{
2008-02-08 15:19:14 +03:00
struct pid * pid = NULL ;
enum pid_type type ;
2005-04-17 02:20:36 +04:00
long ret ;
if ( options & ~ ( WNOHANG | WUNTRACED | WCONTINUED |
__WNOTHREAD | __WCLONE | __WALL ) )
return - EINVAL ;
2008-02-08 15:19:14 +03:00
if ( upid = = - 1 )
type = PIDTYPE_MAX ;
else if ( upid < 0 ) {
type = PIDTYPE_PGID ;
pid = find_get_pid ( - upid ) ;
} else if ( upid = = 0 ) {
type = PIDTYPE_PGID ;
2009-04-03 03:58:36 +04:00
pid = get_task_pid ( current , PIDTYPE_PGID ) ;
2008-02-08 15:19:14 +03:00
} else /* upid > 0 */ {
type = PIDTYPE_PID ;
pid = find_get_pid ( upid ) ;
}
ret = do_wait ( type , pid , options | WEXITED , NULL , stat_addr , ru ) ;
put_pid ( pid ) ;
2005-04-17 02:20:36 +04:00
/* avoid REGPARM breakage on x86: */
2008-04-11 02:37:38 +04:00
asmlinkage_protect ( 4 , ret , upid , stat_addr , options , ru ) ;
2005-04-17 02:20:36 +04:00
return ret ;
}
# ifdef __ARCH_WANT_SYS_WAITPID
/*
* sys_waitpid ( ) remains for compatibility . waitpid ( ) should be
* implemented by calling sys_wait4 ( ) from libc . a .
*/
2009-01-14 16:14:10 +03:00
SYSCALL_DEFINE3 ( waitpid , pid_t , pid , int __user * , stat_addr , int , options )
2005-04-17 02:20:36 +04:00
{
return sys_wait4 ( pid , stat_addr , options , NULL ) ;
}
# endif