Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754007AbbFLWXf (ORCPT <rfc822;w@1wt.eu>);
	Fri, 12 Jun 2015 18:23:35 -0400
Received: from mx1.redhat.com ([209.132.183.28]:42243 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751459AbbFLWXe (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 12 Jun 2015 18:23:34 -0400
Date: Sat, 13 Jun 2015 00:22:29 +0200
From: Oleg Nesterov <oleg@redhat.com>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-mml@vger.kernel.org,
        Andy Lutomirski <luto@amacapital.net>,
        Andrew Morton <akpm@linux-foundation.org>,
        Denys Vlasenko <dvlasenk@redhat.com>, Brian Gerst <brgerst@gmail.com>,
        Peter Zijlstra <peterz@infradead.org>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Thomas Gleixner <tglx@linutronix.de>, Waiman Long <Waiman.Long@hp.com>
Subject: Re: [PATCH 02/12] x86/mm/hotplug: Remove pgd_list use from the
	memory hotplug code
Message-ID: <20150612222229.GA23071@redhat.com>
References: <1434031637-9091-1-git-send-email-mingo@kernel.org> <1434031637-9091-3-git-send-email-mingo@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1434031637-9091-3-git-send-email-mingo@kernel.org>
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1623
Lines: 46

On 06/11, Ingo Molnar wrote:
>
>  void sync_global_pgds(unsigned long start, unsigned long end, int removed)
>  {
> @@ -169,29 +169,33 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
>  
>  	for (address = start; address <= end; address += PGDIR_SIZE) {
>  		const pgd_t *pgd_ref = pgd_offset_k(address);
> -		struct page *page;
> +		struct task_struct *g, *p;
>  
>  		/*
> -		 * When it is called after memory hot remove, pgd_none()
> -		 * returns true. In this case (removed == 1), we must clear
> -		 * the PGD entries in the local PGD level page.
> +		 * When this function is called after memory hot remove,
> +		 * pgd_none() already returns true, but only the reference
> +		 * kernel PGD has been cleared, not the process PGDs.
> +		 *
> +		 * So clear the affected entries in every process PGD as well:
>  		 */
>  		if (pgd_none(*pgd_ref) && !removed)
>  			continue;
>  
>  		spin_lock(&pgd_lock);
> -		list_for_each_entry(page, &pgd_list, lru) {
> -			pgd_t *pgd;
> +
> +		for_each_process_thread(g, p) {

Well, this looks obvously unsafe without rcu_read_lock() at least.

The usage of ->mm doesn't look safe too but this is fixeable, see
my previous reply to 7/12.

And probably I am totally confused, but it seems that 06/12 should
come before this patch? Otherwise, why we can't race with fork() and
miss the new process?

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/