This patch just states the fact the cpusets/cpuhotplug interaction is
broken and removes the deadlockable code which only pretends to work.

- cpuset_lock() doesn't really work. It is needed for
  cpuset_cpus_allowed_locked() but we can't take this lock in
  try_to_wake_up()->select_fallback_rq() path.

- cpuset_lock() is deadlockable. Suppose that a task T bound to CPU takes
  callback_mutex. If cpu_down(CPU) happens before T drops callback_mutex
  stop_machine() preempts T, then migration_call(CPU_DEAD) tries to take
  cpuset_lock() and hangs forever because CPU is already dead and thus
  T can't be scheduled.

- cpuset_cpus_allowed_locked() is deadlockable too. It takes task_lock()
  which is not irq-safe, but try_to_wake_up() can be called from irq.

Kill them, and change select_fallback_rq() to use cpu_possible_mask, like
we currently do without CONFIG_CPUSETS.

Also, with or without this patch, with or without CONFIG_CPUSETS, the
callers of select_fallback_rq() can race with each other or with
set_cpus_allowed() pathes.

The subsequent patches try to to fix these problems.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---

 include/linux/cpuset.h |   13 -------------
 kernel/cpuset.c        |   27 +--------------------------
 kernel/sched.c         |   10 +++-------
 3 files changed, 4 insertions(+), 46 deletions(-)

--- 34-rc1/include/linux/cpuset.h~1_KILL_CPUSET_LOCK	2010-03-15 09:38:51.000000000 +0100
+++ 34-rc1/include/linux/cpuset.h	2010-03-15 09:40:16.000000000 +0100
@@ -21,8 +21,6 @@ extern int number_of_cpusets;	/* How man
 extern int cpuset_init(void);
 extern void cpuset_init_smp(void);
 extern void cpuset_cpus_allowed(struct task_struct *p, struct cpumask *mask);
-extern void cpuset_cpus_allowed_locked(struct task_struct *p,
-				       struct cpumask *mask);
 extern nodemask_t cpuset_mems_allowed(struct task_struct *p);
 #define cpuset_current_mems_allowed (current->mems_allowed)
 void cpuset_init_current_mems_allowed(void);
@@ -69,9 +67,6 @@ ...
[ message continues ]

The problem what you said don't exist, because the kernel already move T to
the active cpu when preparing to turn off a CPU.

Thanks!
Miao

--

[ message continues ]

we need cpuset_lock() to move T. please look at _cpu_down().

OK.

	A task T holds callback_mutex, and it is bound to CPU 1.

	_cpu_down(cpu => 1) is called by the task X.

	_cpu_down()->stop_machine() spawns rt-threads for each cpu,
	a thread running on CPU 1 preempts T and calls take_cpu_down()
	which removes CPU 1 from online/active masks.

	X continues, and does raw_notifier_call_chain(CPU_DEAD), this
	calls migration_call(CPU_DEAD), and _this_ is what move the
	tasks from the dead CPU.

	migration_call(CPU_DEAD) calls cpuset_lock() and deadlocks.

See?

Oleg.

--

[ message continues ]

But when the kernel want to offline a cpu, it does 
	raw_notifier_call_chain(CPU_DOWN_PREPARE) 
at first. this calls cpuset_track_online_cpus() to update cpuset's cpus
and task->cpus_allowed, and then moves the task running on the dying cpu
to the other online cpu. At that time, rt-threads for each cpu have not
been created.

And when the kernel does migration_call(CPU_DEAD), the rt-threads already
exit. the task that holds callback_mutex can run as normal.



--

[ message continues ]

First of let me note that it is wrong to call scan_for_empty_cpusets()
at CPU_DOWN_PREPARE state. _cpu_down() can fail after that but we can't
revert the result of remove_tasks_in_empty_cpuset().


No, it doesn't track task->cpus_allowed afaics. It only checks
cpumask_empty(cp->cpus_allowed) and does nothing otherwise.

And it is quite possible that the task belongs to some cpuset cs, bound



It can't afaics, please see above.


That said, let me remind. I read this code only once a long ago, during my
first attempt to fix these problems (all my attempts were ignored until
I rerouted my concerns to Peter). It is possible that I missed/forgot/both
something. But when I did the second version I bothered to actually test
my theory and the kernel hanged, see the changelog in
http://marc.info/?t=124910242400002

You was cc'ed too ;)

Oleg.

--

[ message continues ]

Commit-ID:  897f0b3c3ff40b443c84e271bef19bd6ae885195
Gitweb:     http://git.kernel.org/tip/897f0b3c3ff40b443c84e271bef19bd6ae885195
Author:     Oleg Nesterov <oleg@redhat.com>
AuthorDate: Mon, 15 Mar 2010 10:10:03 +0100
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Fri, 2 Apr 2010 20:12:01 +0200

sched: Kill the broken and deadlockable cpuset_lock/cpuset_cpus_allowed_locked code

This patch just states the fact the cpusets/cpuhotplug interaction is
broken and removes the deadlockable code which only pretends to work.

- cpuset_lock() doesn't really work. It is needed for
  cpuset_cpus_allowed_locked() but we can't take this lock in
  try_to_wake_up()->select_fallback_rq() path.

- cpuset_lock() is deadlockable. Suppose that a task T bound to CPU takes
  callback_mutex. If cpu_down(CPU) happens before T drops callback_mutex
  stop_machine() preempts T, then migration_call(CPU_DEAD) tries to take
  cpuset_lock() and hangs forever because CPU is already dead and thus
  T can't be scheduled.

- cpuset_cpus_allowed_locked() is deadlockable too. It takes task_lock()
  which is not irq-safe, but try_to_wake_up() can be called from irq.

Kill them, and change select_fallback_rq() to use cpu_possible_mask, like
we currently do without CONFIG_CPUSETS.

Also, with or without this patch, with or without CONFIG_CPUSETS, the
callers of select_fallback_rq() can race with each other or with
set_cpus_allowed() pathes.

The subsequent patches try to to fix these problems.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <20100315091003.GA9123@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 include/linux/cpuset.h |   13 -------------
 kernel/cpuset.c        |   27 +--------------------------
 kernel/sched.c         |   10 +++-------
 3 files changed, 4 insertions(+), 46 deletions(-)

diff --git a/include/linux/cpuset.h b/include/linux/cpuset.h
index a5740fc..eeaaee7 100644
--- ...
[ message continues ]