2008-06-16 16:23:59

by Oleg Nesterov

Subject: [PATCH] coredump: elf_core_dump: skip kernel threads

linux_binfmt->core_dump() runs before the process does exit_aio(), which means
that we can hit the kernel thread which shares the same ->mm. Afaics, nothing
really bad can happen, but perhaps it makes sense to fix this minor bug.

It is sad we have to iterate over all threads in system and use GFP_ATOMIC.
Hopefully we can kill these ugly do_each_thread()s, but this needs some
nontrivial changes in mm_struct and do_coredump.

Signed-off-by: Oleg Nesterov <[email protected]>

binfmt_elf.c | 6 ++++++
binfmt_elf_fdpic.c | 3 +++
2 files changed, 9 insertions(+)

--- 26-rc2/fs/binfmt_elf.c~CD_SKIP_KTHREAD 2008-06-02 20:46:54.000000000 +0400
+++ 26-rc2/fs/binfmt_elf.c 2008-06-16 20:00:00.000000000 +0400
@@ -1522,6 +1522,9 @@ static int fill_note_info(struct elfhdr
rcu_read_lock();
do_each_thread(g, p)
if (p->mm == dump_task->mm) {
+ if (p->flags & PF_KTHREAD)
+ continue;
+
t = kzalloc(offsetof(struct elf_thread_core_info,
notes[info->thread_notes]),
GFP_ATOMIC);
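Review bot: the PF_KTHREAD test at `+ if (p->flags & PF_KTHREAD)` sits inside the `if (p->mm == dump_task->mm)` body and relies on `continue` advancing the inner do/while that do_each_thread() expands to; folding it into the condition, e.g. `if (p->mm == dump_task->mm && !(p->flags & PF_KTHREAD)) {`, removes that dependency and the extra `+` blank line. A one-line comment at the test saying why a kernel thread can share ->mm at this point (core_dump() runs before exit_aio(), as the changelog explains) would save the next reader a trip to the changelog.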
@@ -1726,6 +1729,9 @@ static int fill_note_info(struct elfhdr
rcu_read_lock();
do_each_thread(g, p)
if (current->mm == p->mm && current != p) {
+ if (p->flags & PF_KTHREAD)
+ continue;
+
ets = kzalloc(sizeof(*ets), GFP_ATOMIC);
if (!ets) {
rcu_read_unlock();
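Review bot: this is the same three-line check as in the first hunk, and it is repeated a third time in binfmt_elf_fdpic.c below; a small predicate ("user thread sharing the dumped mm") called from all three loops would keep them from drifting apart. This loop also keys on `current` while the first keys on `dump_task`; if they are the same task in fill_note_info(), using one name in both places makes that obvious.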
--- 26-rc2/fs/binfmt_elf_fdpic.c~CD_SKIP_KTHREAD 2008-06-02 20:46:54.000000000 +0400
+++ 26-rc2/fs/binfmt_elf_fdpic.c 2008-06-16 18:57:46.000000000 +0400
@@ -1626,6 +1626,9 @@ static int elf_fdpic_core_dump(long sign
rcu_read_lock();
do_each_thread(g,p)
if (current->mm == p->mm && current != p) {
+ if (p->flags & PF_KTHREAD)
+ continue;
+
tmp = kzalloc(sizeof(*tmp), GFP_ATOMIC);
if (!tmp) {
rcu_read_unlock();
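Review bot: the `continue` here is inside `do_each_thread(g,p)` exactly as in the two ELF hunks, so the same condition-folding applies and the added `+` blank line after `continue;` is not needed; with the flag test in the `if` condition this hunk becomes a single changed line. If the predicate is factored out, putting it somewhere both fs/binfmt_elf.c and fs/binfmt_elf_fdpic.c can include is preferable to a third copy.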


2008-06-27 20:52:11

by Roland McGrath

Subject: Re: [PATCH] coredump: elf_core_dump: skip kernel threads

Perhaps a little prettier like this:

--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1469,6 +1469,12 @@ static int fill_thread_core_info(struct
return 1;
}

+static bool is_dump_thread(struct task_struct *dump_task,
+ struct task_struct *thread)
+{
+ return !(thread->flags & PF_KTHREAD) && thread->mm == dump_task->mm;
+}
+
static int fill_note_info(struct elfhdr *elf, int phdrs,
struct elf_note_info *info,
long signr, struct pt_regs *regs)
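Review bot: `is_dump_thread()` is added only to fs/binfmt_elf.c; the identical loop in fs/binfmt_elf_fdpic.c that the original patch also touched is not converted here, so either fdpic needs the same helper (shared via a header, or duplicated) or the changelog should say fdpic keeps the open-coded check. A short comment above the helper stating why PF_KTHREAD is tested (a kernel thread can be sharing the dumped mm) would make the predicate self-documenting.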
@@ -1518,7 +1524,7 @@ static int fill_note_info(struct elfhdr
*/
rcu_read_lock();
do_each_thread(g, p)
- if (p->mm == dump_task->mm) {
+ if (is_dump_thread(dump_task, p)) {
t = kzalloc(offsetof(struct elf_thread_core_info,
notes[info->thread_notes]),
GFP_ATOMIC);
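Review bot: the comment block that ends at the `*/` just above `rcu_read_lock();` describes this thread walk; it is the natural place to note that kernel threads borrowing the mm are skipped, rather than leaving that only in the changelog of the original patch.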
@@ -1722,7 +1728,7 @@ static int fill_note_info(struct elfhdr
struct elf_thread_status *ets;
rcu_read_lock();
do_each_thread(g, p)
- if (current->mm == p->mm && current != p) {
+ if (p != current && is_dump_thread(current, p)) {
ets = kzalloc(sizeof(*ets), GFP_ATOMIC);
if (!ets) {
rcu_read_unlock();
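Review bot: `p != current && is_dump_thread(current, p)` puts the cheap pointer inequality first, which is good, but it passes `current` where the first loop passes `dump_task`; if both name the same task in fill_note_info(), using one identifier in both call sites avoids the question of whether the two loops dump different tasks.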

Or maybe you'll have other reasons to add a task_user_mm() that returns
NULL for kthreads, and then just use task_user_mm(p) == dump_task->mm here.

> It is sad we have to iterate over all threads in system and use GFP_ATOMIC.
> Hopefully we can kill theses ugly do_each_thread()s, but this needs some
> nontrivial changes in mm_struct and do_coredump.

Agreed, and twice at that (coredump_wait). But this is something more to
consider for the future, and I wouldn't worry about it right now.


Thanks,
Roland

2008-06-28 13:34:05

by Oleg Nesterov

Subject: Re: [PATCH] coredump: elf_core_dump: skip kernel threads

On 06/19, Roland McGrath wrote:
>
> Perhaps a little prettier like this:
>
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1469,6 +1469,12 @@ static int fill_thread_core_info(struct
> return 1;
> }
>
> +static bool is_dump_thread(struct task_struct *dump_task,
> + struct task_struct *thread)
> +{
> + return !(thread->flags & PF_KTHREAD) && thread->mm == dump_task->mm;
> +}
> +
> static int fill_note_info(struct elfhdr *elf, int phdrs,
> struct elf_note_info *info,
> long signr, struct pt_regs *regs)
> @@ -1518,7 +1524,7 @@ static int fill_note_info(struct elfhdr
> */
> rcu_read_lock();
> do_each_thread(g, p)
> - if (p->mm == dump_task->mm) {
> + if (is_dump_thread(dump_task, p)) {
> t = kzalloc(offsetof(struct elf_thread_core_info,
> notes[info->thread_notes]),
> GFP_ATOMIC);

Agreed.

> > It is sad we have to iterate over all threads in system and use GFP_ATOMIC.
> > Hopefully we can kill theses ugly do_each_thread()s, but this needs some
> > nontrivial changes in mm_struct and do_coredump.
>
> Agreed, and twice at that (coredump_wait). But this is something more to
> consider for the future, and I wouldn't worry about it right now.

In most cases coredump_wait() doesn't need to do for_each_process().

And I think there are other reasons to kill these do_each_thread()s.
We can simplify the code and make the coredumping process visible to
oom_kill. I sent the preparatory patches.

Oleg.