Prev: AIM7 40% regression with 2.6.26-rc1
Next: Scheduling problems ? [ Was: Linux 2.6.26-rc1 ]
From: KOSAKI Motohiro on 6 May 2008 01:50
on CONFIG_MM_OWNER=y (that is automatically turned on by mem-cgroup),
kernel panic is possible by following scenario in mm_update_next_owner().

1. mm_update_next_owner() is called.
2. found caller task in do_each_thread() loop.
3. thus, BUG_ON(c == p) is true, it become kernel panic.

end up, We should left out current task.


Signed-off-by: KOSAKI Motohiro <kosaki.motohiro(a)jp.fujitsu.com>
CC: Lee Schermerhorn <Lee.Schermerhorn(a)hp.com>
CC: KAMEZAWA Hiroyuki <kamezawa.hiroyu(a)jp.fujitsu.com>
CC: Balbir Singh <balbir(a)linux.vnet.ibm.com>

---
kernel/exit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Index: b/kernel/exit.c
===================================================================
--- a/kernel/exit.c 2008-05-04 22:57:23.000000000 +0900
+++ b/kernel/exit.c 2008-05-06 15:01:26.000000000 +0900
@@ -627,7 +627,7 @@ retry:
* here often
*/
do_each_thread(g, c) {
- if (c->mm == mm)
+ if ((c != p) && (c->mm == mm))
goto assign_new_owner;
} while_each_thread(g, c);


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: AIM7 40% regression with 2.6.26-rc1
Next: Scheduling problems ? [ Was: Linux 2.6.26-rc1 ]