2012-11-28 21:50:49

by Greg Thelen

Subject: [PATCH 1/2] cgroup: fix lockdep warning for event_control

The cgroup_event_wake() function is called with the wait queue head
locked and it takes cgrp->event_list_lock. However, in cgroup_rmdir()
remove_wait_queue() was being called after taking
cgrp->event_list_lock. Correct the lock ordering by using a temporary
list to obtain the event list to remove from the wait queue.

Signed-off-by: Greg Thelen <[email protected]>
Signed-off-by: Aaron Durbin <[email protected]>
---
kernel/cgroup.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index ece60d4..a0d75bb 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4276,6 +4276,7 @@ static int cgroup_destroy_locked(struct cgroup *cgrp)
DEFINE_WAIT(wait);
struct cgroup_event *event, *tmp;
struct cgroup_subsys *ss;
+ LIST_HEAD(tmp_list);

lockdep_assert_held(&d->d_inode->i_mutex);
lockdep_assert_held(&cgroup_mutex);
@@ -4330,16 +4331,20 @@ static int cgroup_destroy_locked(struct cgroup *cgrp)
/*
* Unregister events and notify userspace.
* Notify userspace about cgroup removing only after rmdir of cgroup
- * directory to avoid race between userspace and kernelspace
+ * directory to avoid race between userspace and kernelspace. Use
+ * a temporary list to avoid a deadlock with cgroup_event_wake(). Since
+ * cgroup_event_wake() is called with the wait queue head locked,
+ * remove_wait_queue() cannot be called while holding event_list_lock.
*/
spin_lock(&cgrp->event_list_lock);
- list_for_each_entry_safe(event, tmp, &cgrp->event_list, list) {
+ list_splice_init(&cgrp->event_list, &tmp_list);
+ spin_unlock(&cgrp->event_list_lock);
+ list_for_each_entry_safe(event, tmp, &tmp_list, list) {
list_del(&event->list);
remove_wait_queue(event->wqh, &event->wait);
eventfd_signal(event->eventfd, 1);
schedule_work(&event->remove);
}
- spin_unlock(&cgrp->event_list_lock);

return 0;
}
--
1.7.7.3

2012-11-28 21:50:52

by Greg Thelen

Subject: [PATCH 2/2] cgroup: list_del_init() on removed events

Use list_del_init() rather than list_del() to remove events from
cgrp->event_list. No functional change. This is just defensive
coding.

Signed-off-by: Greg Thelen <[email protected]>
---
kernel/cgroup.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index a0d75bb..44c319d 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -3766,7 +3766,7 @@ static int cgroup_event_wake(wait_queue_t *wait, unsigned mode,
if (flags & POLLHUP) {
__remove_wait_queue(event->wqh, &event->wait);
spin_lock(&cgrp->event_list_lock);
- list_del(&event->list);
+ list_del_init(&event->list);
spin_unlock(&cgrp->event_list_lock);
/*
* We are in atomic context, but cgroup_event_remove() may
@@ -4340,7 +4340,7 @@ static int cgroup_destroy_locked(struct cgroup *cgrp)
list_splice_init(&cgrp->event_list, &tmp_list);
spin_unlock(&cgrp->event_list_lock);
list_for_each_entry_safe(event, tmp, &tmp_list, list) {
- list_del(&event->list);
+ list_del_init(&event->list);
remove_wait_queue(event->wqh, &event->wait);
eventfd_signal(event->eventfd, 1);
schedule_work(&event->remove);
--
1.7.7.3

2012-11-28 21:53:27

by Tejun Heo

Subject: Re: [PATCH 2/2] cgroup: list_del_init() on removed events

On Wed, Nov 28, 2012 at 01:50:45PM -0800, Greg Thelen wrote:
> Use list_del_init() rather than list_del() to remove events from
> cgrp->event_list. No functional change. This is just defensive
> coding.
>
> Signed-off-by: Greg Thelen <[email protected]>

Applied 1-2 to cgroup/for-3.8. Thanks!

--
tejun