linux/kernel
Zhang, Yanmin 09f2724a78 sched: fix the race between walk_tg_tree and sched_create_group
With 2.6.27-rc3, I hit a kernel panic when running volanoMark on my
new x86_64 machine. I also hit it with other 2.6.27-rc kernels.
See below log.

Basically, function walk_tg_tree and sched_create_group have a race
between accessing and initiating tg->children. Below patch fixes it
by moving tg->children initiation to the front of linking tg->siblings
to parent->children.

{----------------panic log------------}

BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
IP: [<ffffffff802292ab>] walk_tg_tree+0x45/0x7f
PGD 1be1c4067 PUD 1bdd8d067 PMD 0
Oops: 0000 [1] SMP
CPU 11
Modules linked in: igb
Pid: 22979, comm: java Not tainted 2.6.27-rc3 #1
RIP: 0010:[<ffffffff802292ab>]  [<ffffffff802292ab>] walk_tg_tree+0x45/0x7f
RSP: 0018:ffff8801bfbbbd18  EFLAGS: 00010083
RAX: 0000000000000000 RBX: ffff8800be0dce40 RCX: ffffffffffffffc0
RDX: ffff880102c43740 RSI: 0000000000000000 RDI: ffff8800be0dce40
RBP: ffff8801bfbbbd48 R08: ffff8800ba437bc8 R09: 0000000000001f40
R10: ffff8801be812100 R11: ffffffff805fdf44 R12: ffff880102c43740
R13: 0000000000000000 R14: ffffffff8022cf0f R15: ffffffff8022749f
FS:  00000000568ac950(0063) GS:ffff8801bfa26d00(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 00000001bd848000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process java (pid: 22979, threadinfo ffff8801b145a000, task ffff8801bf18e450)
Stack:  0000000000000001 ffff8800ba5c8d60 0000000000000001 0000000000000001
 ffff8800bad1ccb8 0000000000000000 ffff8801bfbbbd98 ffffffff8022ed37
 0000000000000001 0000000000000286 ffff8801bd5ee180 ffff8800ba437bc8
Call Trace:
 <IRQ>  [<ffffffff8022ed37>] try_to_wake_up+0x71/0x24c
 [<ffffffff80247177>] autoremove_wake_function+0x9/0x2e
 [<ffffffff80228039>] ? __wake_up_common+0x46/0x76
 [<ffffffff802296d5>] __wake_up+0x38/0x4f
 [<ffffffff806169cc>] tcp_v4_rcv+0x380/0x62e

Signed-off-by: Zhang Yanmin <yanmin_zhang@linux.intel.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-08-14 10:58:48 +02:00
..
irq genirq: switch /proc/irq/*/smp_affinity et al to seqfiles 2008-08-12 16:07:30 -07:00
power kexec jump: save/restore device state 2008-07-26 12:00:04 -07:00
time sched clock: revert various sched_clock() changes 2008-07-31 17:20:29 +02:00
trace Merge branch 'linus' into cpus4096 2008-07-28 23:32:00 +02:00
.gitignore
acct.c bsdacct: fix and add comments around acct_process() 2008-07-25 10:53:47 -07:00
audit_tree.c
audit.c [PATCH] Fix the bug of using AUDIT_STATUS_RATE_LIMIT when set fail, no error output. 2008-08-01 12:15:16 -04:00
audit.h
auditfilter.c Re: [PATCH] the loginuid field should be output in all AUDIT_CONFIG_CHANGE audit messages 2008-08-01 12:15:03 -04:00
auditsc.c Re: [PATCH] Fix the kernel panic of audit_filter_task when key field is set 2008-08-04 06:13:50 -04:00
backtracetest.c backtrace: replace timer with tasklet + completions 2008-06-27 18:09:16 +02:00
bounds.c
capability.c security: filesystem capabilities refactor kernel code 2008-07-24 10:47:22 -07:00
cgroup_debug.c
cgroup.c cgroup: uninline cgroup_has_css_refs() 2008-07-30 09:41:44 -07:00
compat.c
configs.c
cpu.c cpu hotplug: s390 doesn't support additional_cpus anymore. 2008-08-12 16:07:28 -07:00
cpuset.c cpuset: clean up cpuset hierarchy traversal code 2008-07-30 09:41:44 -07:00
delayacct.c per-task-delay-accounting: update taskstats for memory reclaim delay 2008-07-25 10:53:47 -07:00
dma-coherent.c DMA: make dma-coherent.c documentation kdoc-friendly 2008-08-07 06:52:01 -07:00
dma.c
exec_domain.c [PATCH] kill altroot 2008-07-26 20:53:20 -04:00
exit.c tracehook: fix exit_signal=0 case 2008-08-01 12:01:11 -07:00
extable.c
fork.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
futex_compat.c
futex.c futexes: fix fault handling in futex_lock_pi 2008-06-23 13:31:15 +02:00
hrtimer.c Merge branch 'generic-ipi' into generic-ipi-for-linus 2008-07-15 21:55:59 +02:00
itimer.c
kallsyms.c kallsyms: fix potential overflow in binary search 2008-07-25 10:53:27 -07:00
Kconfig.hz sched: fix SCHED_HRTICK dependency 2008-07-28 14:37:38 +02:00
Kconfig.preempt
kexec.c kexec jump: save/restore device state 2008-07-26 12:00:04 -07:00
kfifo.c
kgdb.c kgdb: fix gdb serial thread queries 2008-08-01 08:39:35 -05:00
kmod.c call_usermodehelper(): increase reliability 2008-07-25 10:53:28 -07:00
kprobes.c kprobes: remove redundant config check 2008-07-25 10:53:30 -07:00
ksysfs.c
kthread.c tracehook: wait_task_inactive 2008-07-26 12:00:09 -07:00
latencytop.c
lockdep_internals.h lockdep: shrink held_lock structure 2008-08-11 09:30:23 +02:00
lockdep_proc.c lockdep: handle chains involving classes defined in modules 2008-08-11 09:30:26 +02:00
lockdep.c lockdep: fix debug_lock_alloc 2008-08-11 22:45:51 +02:00
Makefile Merge branch 'linus' into core/generic-dma-coherent 2008-07-29 00:07:55 +02:00
marker.c markers: fix markers read barrier for multiple probes 2008-07-30 09:41:45 -07:00
module.c modules: extend initcall_debug functionality to the module loader 2008-08-12 17:52:54 +10:00
mutex-debug.c
mutex-debug.h
mutex.c locking: fix mutex @key parameter kernel-doc notation 2008-07-28 18:12:36 +02:00
mutex.h
notifier.c
ns_cgroup.c cgroup_clone: use pid of newly created task for new cgroup 2008-07-25 10:53:37 -07:00
nsproxy.c cgroup_clone: use pid of newly created task for new cgroup 2008-07-25 10:53:37 -07:00
panic.c Add a WARN() macro; this is WARN_ON() + printk arguments 2008-07-25 10:53:29 -07:00
params.c
pid_namespace.c bsdacct: switch from global bsd_acct_struct instance to per-pidns one 2008-07-25 10:53:47 -07:00
pid.c pidns: remove now unused find_pid function. 2008-07-25 10:53:45 -07:00
pm_qos_params.c pm_qos: spelling fixes 2008-08-05 14:33:50 -07:00
posix-cpu-timers.c
posix-timers.c Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-08-11 16:46:11 -07:00
printk.c printk: fix comment for printk ratelimiting 2008-07-30 09:41:45 -07:00
profile.c build kernel/profile.o only when requested 2008-07-25 10:53:27 -07:00
ptrace.c tracehook: wait_task_inactive 2008-07-26 12:00:09 -07:00
rcuclassic.c stop_machine: Wean existing callers off stop_machine_run() 2008-07-28 12:16:31 +10:00
rcupdate.c Merge branch 'generic-ipi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-07-15 14:12:03 -07:00
rcupreempt_trace.c
rcupreempt.c Merge branch 'linus' into cpus4096 2008-07-16 00:29:07 +02:00
rcutorture.c rcu: make rcutorture even more vicious: invoke RCU readers from irq handlers (timers) 2008-06-26 09:24:33 +02:00
relay.c relay: fix "full buffer with exactly full last subbuffer" accounting problem 2008-08-05 14:33:46 -07:00
res_counter.c cgroup files: convert res_counter_write() to be a cgroups write_string() handler 2008-07-25 10:53:36 -07:00
resource.c resource: add resource_size() 2008-07-30 09:41:43 -07:00
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c sysdev: Pass the attribute to the low level sysdev show/store function 2008-07-21 21:55:02 -07:00
rtmutex.c
rtmutex.h
rwsem.c
sched_clock.c sched_clock: delay using sched_clock() 2008-08-11 08:59:03 +02:00
sched_cpupri.c
sched_cpupri.h
sched_debug.c sched: add full schedstats to /proc/sched_debug 2008-06-27 14:31:31 +02:00
sched_fair.c sched: fix mysql+oltp regression 2008-08-11 14:49:29 +02:00
sched_features.h sched: bias effective_load() error towards failing wake_affine(). 2008-06-27 14:31:47 +02:00
sched_idletask.c
sched_rt.c lockdep: re-annotate scheduler runqueues 2008-08-11 09:30:22 +02:00
sched_stats.h sched: fix accounting in task delay accounting & migration 2008-07-04 12:50:23 +02:00
sched.c sched: fix the race between walk_tg_tree and sched_create_group 2008-08-14 10:58:48 +02:00
seccomp.c
semaphore.c semaphore: __down_common: use signal_pending_state() 2008-08-05 14:33:47 -07:00
signal.c Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-08-11 16:46:11 -07:00
smp.c generic-ipi: fix stack and rcu interaction bug in smp_call_function_mask(), fix 2008-08-12 11:21:27 +02:00
softirq.c Full conversion to early_initcall() interface, remove old interface 2008-07-26 12:00:04 -07:00
softlockup.c Full conversion to early_initcall() interface, remove old interface 2008-07-26 12:00:04 -07:00
spinlock.c lockdep: spin_lock_nest_lock() 2008-08-11 09:30:24 +02:00
srcu.c
stacktrace.c stacktrace: fix modular build, export print_stack_trace and save_stack_trace 2008-06-30 09:20:55 +02:00
stop_machine.c stop_machine: remove unused variable 2008-08-12 17:52:55 +10:00
sys_ni.c signalfd: fix undefined reference to `compat_sys_signalfd4' when !CONFIG_SIGNALFD 2008-07-25 11:35:41 -07:00
sys.c kexec jump 2008-07-26 12:00:04 -07:00
sysctl_check.c sysctl: check for bogus modes 2008-07-25 10:53:45 -07:00
sysctl.c lost sysctl fix 2008-07-27 09:45:34 -07:00
taskstats.c taskstats: remove initialization of static per-cpu variable 2008-07-25 10:53:47 -07:00
test_kprobes.c
time.c
timeconst.pl
timer.c Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm 2008-07-14 16:06:58 -07:00
tsacct.c task IO accounting: move all IO statistics in struct task_io_accounting 2008-07-27 16:12:28 -07:00
uid16.c
user_namespace.c
user.c
utsname_sysctl.c
utsname.c
wait.c
workqueue.c Merge branch 'core/locking' into core/urgent 2008-08-12 00:11:49 +02:00