Date: Sun, 25 Jun 2006 01:31:12 +0200
From: Ingo Molnar
To: Andrew Morton
Subject: Re: more -mm2 troubles ...
Message-ID: <20060624233112.GA31075@elte.hu>
In-Reply-To: <20060624232817.GA30754@elte.hu>

* Ingo Molnar wrote:

> hm, look at the sched_exit() => task_rq_lock() use-after-free crash
> below.
>
> I bet it was p->real_parent that got freed. (because at the point we
> call sched_exit() we already unlink ourselves from the parent so it is
> free to exit)
>
> We moved sched_exit() within exit.c to an unsafe place in mm2 - what
> patch was that?

patch below seems to fix it for me. mm2 is now stable.

	Ingo

--------------
Subject: move sched_exit() back to under the tasklist_lock umbrella
From: Ingo Molnar

seems like sched_exit() cannot be moved to a later stage just yet. Needs
more investigation.

Signed-off-by: Ingo Molnar
---
 kernel/exit.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Index: linux/kernel/exit.c =================================================================== --- linux.orig/kernel/exit.c +++ linux/kernel/exit.c @@ -827,6 +827,7 @@ static void exit_notify(struct task_stru state = EXIT_DEAD; tsk->exit_state = state; + sched_exit(tsk); write_unlock_irq(&tasklist_lock); list_for_each_safe(_p, _n, &ptrace_dead) { @@ -952,8 +953,6 @@ fastcall NORET_TYPE void do_exit(long co if (tsk->splice_pipe) __free_pipe_info(tsk->splice_pipe); - sched_exit(tsk); - /* PF_DEAD causes final put_task_struct after we schedule. */ preempt_disable(); BUG_ON(tsk->flags & PF_DEAD);
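
Review bot: in the exit_notify() hunk, the new sched_exit(tsk) call sits directly above write_unlock_irq(&tasklist_lock) with no comment saying that the placement is load-bearing. The report attributes the crash to p->real_parent being freed once the task has unlinked itself from its parent, so the call depends on tasklist_lock to keep the parent alive; a one-line comment above the call stating that would keep it from being moved out again. The call also now runs with tasklist_lock write-held and interrupts off, and the crash path shows sched_exit() reaching task_rq_lock(), so the changelog should note the resulting tasklist_lock to runqueue-lock nesting and the longer hold time on a global lock.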
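
Review bot: in the do_exit() hunk, the removal leaves nothing at the old call site to explain why sched_exit() cannot run there, and the changelog only says "Needs more investigation". Suggest recording the constraint in the changelog: the sched_exit() => task_rq_lock() use-after-free from the report, the suspected cause (the parent is free to exit once the task has unlinked itself), and the name of the -mm2 patch that moved the call, which the thread still leaves as an open question.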