Prev: Bug#584846: Detects only 64MB and fails to boot on Intel Green City board if e820 hooked by GRUB2
Next: pid_ns: Fix proc_flush_task() accessing freed proc_mnt
From: Paul E. McKenney on 24 Jun 2010 15:20
If a single-threaded process does a file-descriptor operation, and
some other process accesses that same file descriptor via /proc,
the current rcu_dereference_check_fdtable() can give a false-positive
RCU-lockdep splat due to the reference count being increased by the
/proc access after the reference-count check in fget_light() but before
the check in rcu_dereference_check_fdtable().

This commit prevents this false positive by checking for a single-threaded
process. To avoid #include hell, this commit uses the wrapper for
thread_group_empty(current) defined by rcu_my_thread_group_empty()
provided in a separate commit.

Located-by: Miles Lane <miles.lane(a)gmail.com>
Located-by: Eric Dumazet <eric.dumazet(a)gmail.com>
Signed-off-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com>
Cc: Al Viro <viro(a)ZenIV.linux.org.uk>
---
fdtable.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/linux/fdtable.h b/include/linux/fdtable.h
index 013dc52..d147461 100644
--- a/include/linux/fdtable.h
+++ b/include/linux/fdtable.h
@@ -61,7 +61,8 @@ struct files_struct {
(rcu_dereference_check((fdtfd), \
rcu_read_lock_held() || \
lockdep_is_held(&(files)->file_lock) || \
- atomic_read(&(files)->count) == 1))
+ atomic_read(&(files)->count) == 1 || \
+ rcu_my_thread_group_empty()))

#define files_fdtable(files) \
(rcu_dereference_check_fdtable((files), (files)->fdt))
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: Bug#584846: Detects only 64MB and fails to boot on Intel Green City board if e820 hooked by GRUB2
Next: pid_ns: Fix proc_flush_task() accessing freed proc_mnt