Commit 94095a1f authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull core kernel fixes from Ingo Molnar:
 "This is a complex task_work series from Oleg that fixes the bug that
  this VFS commit tried to fix:

    d35abdb2 hold task_lock around checks in keyctl

  but solves the problem without the lockup regression that d35abdb2
  introduced in v3.6.

  This series came late in v3.6 and I did not feel confident about it so
  late in the cycle.  Might be worth backporting to -stable if it proves
  itself upstream."

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  task_work: Simplify the usage in ptrace_notify() and get_signal_to_deliver()
  task_work: Revert "hold task_lock around checks in keyctl"
  task_work: task_work_add() should not succeed after exit_task_work()
  task_work: Make task_work_add() lockless
parents 620e7753 f784e8a7
...@@ -18,7 +18,6 @@ void task_work_run(void); ...@@ -18,7 +18,6 @@ void task_work_run(void);
static inline void exit_task_work(struct task_struct *task) static inline void exit_task_work(struct task_struct *task)
{ {
if (unlikely(task->task_works))
task_work_run(); task_work_run();
} }
......
...@@ -1971,13 +1971,8 @@ static void ptrace_do_notify(int signr, int exit_code, int why) ...@@ -1971,13 +1971,8 @@ static void ptrace_do_notify(int signr, int exit_code, int why)
void ptrace_notify(int exit_code) void ptrace_notify(int exit_code)
{ {
BUG_ON((exit_code & (0x7f | ~0xffff)) != SIGTRAP); BUG_ON((exit_code & (0x7f | ~0xffff)) != SIGTRAP);
if (unlikely(current->task_works)) { if (unlikely(current->task_works))
if (test_and_clear_ti_thread_flag(current_thread_info(),
TIF_NOTIFY_RESUME)) {
smp_mb__after_clear_bit();
task_work_run(); task_work_run();
}
}
spin_lock_irq(&current->sighand->siglock); spin_lock_irq(&current->sighand->siglock);
ptrace_do_notify(SIGTRAP, exit_code, CLD_TRAPPED); ptrace_do_notify(SIGTRAP, exit_code, CLD_TRAPPED);
...@@ -2198,13 +2193,8 @@ int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka, ...@@ -2198,13 +2193,8 @@ int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka,
struct signal_struct *signal = current->signal; struct signal_struct *signal = current->signal;
int signr; int signr;
if (unlikely(current->task_works)) { if (unlikely(current->task_works))
if (test_and_clear_ti_thread_flag(current_thread_info(),
TIF_NOTIFY_RESUME)) {
smp_mb__after_clear_bit();
task_work_run(); task_work_run();
}
}
if (unlikely(uprobe_deny_signal())) if (unlikely(uprobe_deny_signal()))
return 0; return 0;
......
...@@ -2,26 +2,20 @@ ...@@ -2,26 +2,20 @@
#include <linux/task_work.h> #include <linux/task_work.h>
#include <linux/tracehook.h> #include <linux/tracehook.h>
static struct callback_head work_exited; /* all we need is ->next == NULL */
int int
task_work_add(struct task_struct *task, struct callback_head *twork, bool notify) task_work_add(struct task_struct *task, struct callback_head *work, bool notify)
{ {
struct callback_head *last, *first; struct callback_head *head;
unsigned long flags;
/* do {
* Not inserting the new work if the task has already passed head = ACCESS_ONCE(task->task_works);
* exit_task_work() is the responisbility of callers. if (unlikely(head == &work_exited))
*/ return -ESRCH;
raw_spin_lock_irqsave(&task->pi_lock, flags); work->next = head;
last = task->task_works; } while (cmpxchg(&task->task_works, head, work) != head);
first = last ? last->next : twork;
twork->next = first;
if (last)
last->next = twork;
task->task_works = twork;
raw_spin_unlock_irqrestore(&task->pi_lock, flags);
/* test_and_set_bit() implies mb(), see tracehook_notify_resume(). */
if (notify) if (notify)
set_notify_resume(task); set_notify_resume(task);
return 0; return 0;
...@@ -30,52 +24,69 @@ task_work_add(struct task_struct *task, struct callback_head *twork, bool notify ...@@ -30,52 +24,69 @@ task_work_add(struct task_struct *task, struct callback_head *twork, bool notify
struct callback_head * struct callback_head *
task_work_cancel(struct task_struct *task, task_work_func_t func) task_work_cancel(struct task_struct *task, task_work_func_t func)
{ {
struct callback_head **pprev = &task->task_works;
struct callback_head *work = NULL;
unsigned long flags; unsigned long flags;
struct callback_head *last, *res = NULL; /*
* If cmpxchg() fails we continue without updating pprev.
* Either we raced with task_work_add() which added the
* new entry before this work, we will find it again. Or
* we raced with task_work_run(), *pprev == NULL/exited.
*/
raw_spin_lock_irqsave(&task->pi_lock, flags); raw_spin_lock_irqsave(&task->pi_lock, flags);
last = task->task_works; while ((work = ACCESS_ONCE(*pprev))) {
if (last) { read_barrier_depends();
struct callback_head *q = last, *p = q->next; if (work->func != func)
while (1) { pprev = &work->next;
if (p->func == func) { else if (cmpxchg(pprev, work, work->next) == work)
q->next = p->next;
if (p == last)
task->task_works = q == p ? NULL : q;
res = p;
break;
}
if (p == last)
break; break;
q = p;
p = q->next;
}
} }
raw_spin_unlock_irqrestore(&task->pi_lock, flags); raw_spin_unlock_irqrestore(&task->pi_lock, flags);
return res;
return work;
} }
void task_work_run(void) void task_work_run(void)
{ {
struct task_struct *task = current; struct task_struct *task = current;
struct callback_head *p, *q; struct callback_head *work, *head, *next;
for (;;) {
/*
* work->func() can do task_work_add(), do not set
* work_exited unless the list is empty.
*/
do {
work = ACCESS_ONCE(task->task_works);
head = !work && (task->flags & PF_EXITING) ?
&work_exited : NULL;
} while (cmpxchg(&task->task_works, work, head) != work);
while (1) { if (!work)
raw_spin_lock_irq(&task->pi_lock); break;
p = task->task_works; /*
task->task_works = NULL; * Synchronize with task_work_cancel(). It can't remove
raw_spin_unlock_irq(&task->pi_lock); * the first entry == work, cmpxchg(task_works) should
* fail, but it can play with *work and other entries.
*/
raw_spin_unlock_wait(&task->pi_lock);
smp_mb();
if (unlikely(!p)) /* Reverse the list to run the works in fifo order */
return; head = NULL;
do {
next = work->next;
work->next = head;
head = work;
work = next;
} while (work);
q = p->next; /* head */ work = head;
p->next = NULL; /* cut it */ do {
while (q) { next = work->next;
p = q->next; work->func(work);
q->func(q); work = next;
q = p;
cond_resched(); cond_resched();
} } while (work);
} }
} }
...@@ -1486,7 +1486,6 @@ long keyctl_session_to_parent(void) ...@@ -1486,7 +1486,6 @@ long keyctl_session_to_parent(void)
oldwork = NULL; oldwork = NULL;
parent = me->real_parent; parent = me->real_parent;
task_lock(parent);
/* the parent mustn't be init and mustn't be a kernel thread */ /* the parent mustn't be init and mustn't be a kernel thread */
if (parent->pid <= 1 || !parent->mm) if (parent->pid <= 1 || !parent->mm)
goto unlock; goto unlock;
...@@ -1530,7 +1529,6 @@ long keyctl_session_to_parent(void) ...@@ -1530,7 +1529,6 @@ long keyctl_session_to_parent(void)
if (!ret) if (!ret)
newwork = NULL; newwork = NULL;
unlock: unlock:
task_unlock(parent);
write_unlock_irq(&tasklist_lock); write_unlock_irq(&tasklist_lock);
rcu_read_unlock(); rcu_read_unlock();
if (oldwork) if (oldwork)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment