git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4371453)
sched: CPU remove deadlock fix
authorBrian King <brking@linux.vnet.ibm.com>
Tue, 9 Dec 2008 14:47:00 +0000 (08:47 -0600)
committerIngo Molnar <mingo@elte.hu>
Tue, 9 Dec 2008 18:27:03 +0000 (19:27 +0100)
Impact: fix possible deadlock in CPU hot-remove path

This patch fixes a possible deadlock scenario in the CPU remove path.
migration_call grabs rq->lock, then wakes up everything on rq->migration_queue
with the lock held. Then one of the tasks on the migration queue ends up
calling tg_shares_up which then also tries to acquire the same rq->lock.

[c000000058eab2e0c000000000502078 ._spin_lock_irqsave+0x98/0xf0
[c000000058eab370c00000000008011c .tg_shares_up+0x10c/0x20c
[c000000058eab430c00000000007867c .walk_tg_tree+0xc4/0xfc
[c000000058eab4d0c0000000000840c8 .try_to_wake_up+0xb0/0x3c4
[c000000058eab590c0000000000799a0 .__wake_up_common+0x6c/0xe0
[c000000058eab640c00000000007ada4 .complete+0x54/0x80
[c000000058eab6e0c000000000509fa8 .migration_call+0x5fc/0x6f8
[c000000058eab7c0c000000000504074 .notifier_call_chain+0x68/0xe0
[c000000058eab860c000000000506568 ._cpu_down+0x2b0/0x3f4
[c000000058eaba60c000000000506750 .cpu_down+0xa4/0x108
[c000000058eabb10c000000000507e54 .store_online+0x44/0xa8
[c000000058eabba0c000000000396260 .sysdev_store+0x3c/0x50
[c000000058eabc10c0000000001a39b8 .sysfs_write_file+0x124/0x18c
[c000000058eabcd0c00000000013061c .vfs_write+0xd0/0x1bc
[c000000058eabd70c0000000001308a4 .sys_write+0x68/0x114
[c000000058eabe30c0000000000086b4 syscall_exit+0x0/0x40

Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
kernel/sched.c patch | blob | history

diff --git a/kernel/sched.c b/kernel/sched.c
index b7480fb..e4bb1dd 100644 (file)
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -6587,7 +6587,9 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
                        req = list_entry(rq->migration_queue.next,
                                         struct migration_req, list);
                        list_del_init(&req->list);
+                       spin_unlock_irq(&rq->lock);
                        complete(&req->done);
+                       spin_lock_irq(&rq->lock);
                }
                spin_unlock_irq(&rq->lock);
                break;
Pandora Kernel Repository