PM: prevent frozen user mode helpers from failing the freezing of tasks

At present, if a user mode helper is running while usermodehelper_pm_callback() is executed, the helper may be frozen and the completion in call_usermodehelper_exec() won't be completed until user space processes are thawed. As a result, the freezing of kernel threads may fail, which is not desirable. Prevent this from happening by introducing a counter of running user mode helpers and allowing usermodehelper_pm_callback() to succeed for action = PM_HIBERNATION_PREPARE or action = PM_SUSPEND_PREPARE only if there are no helpers running. [Namely, usermodehelper_pm_callback() waits for at most RUNNING_HELPERS_TIMEOUT for the number of running helpers to become zero and fails if that doesn't happen.] Special thanks to Uli Luckas <u.luckas@road.de>, Pavel Machek <pavel@ucw.cz> and Oleg Nesterov <oleg@tv-sign.ru> for reviewing the previous versions of this patch and for very useful comments. Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Uli Luckas <u.luckas@road.de> Acked-by: Nigel Cunningham <nigel@nigel.suspend2.net> Acked-by: Pavel Machek <pavel@ucw.cz> Cc: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

PM: prevent frozen user mode helpers from failing the freezing of tasks
At present, if a user mode helper is running while usermodehelper_pm_callback() is executed, the helper may be frozen and the completion in call_usermodehelper_exec() won't be completed until user space processes are thawed. As a result, the freezing of kernel threads may fail, which is not desirable. Prevent this from happening by introducing a counter of running user mode helpers and allowing usermodehelper_pm_callback() to succeed for action = PM_HIBERNATION_PREPARE or action = PM_SUSPEND_PREPARE only if there are no helpers running. [Namely, usermodehelper_pm_callback() waits for at most RUNNING_HELPERS_TIMEOUT for the number of running helpers to become zero and fails if that doesn't happen.] Special thanks to Uli Luckas <u.luckas@road.de>, Pavel Machek <pavel@ucw.cz> and Oleg Nesterov <oleg@tv-sign.ru> for reviewing the previous versions of this patch and for very useful comments. Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Uli Luckas <u.luckas@road.de> Acked-by: Nigel Cunningham <nigel@nigel.suspend2.net> Acked-by: Pavel Machek <pavel@ucw.cz> Cc: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rafael J. Wysocki · Linus Torvalds
1 parent 8cdd4936c1
Showing 1 changed file with 68 additions and 10 deletions Side-by-side Diff
kernel/kmod.c
@@ -41,14 +41,6 @@
  
 static struct workqueue_struct *khelper_wq;
  
-/*
- * If set, both call_usermodehelper_keys() and call_usermodehelper_pipe() exit
- * immediately returning -EBUSY.  Used for preventing user land processes from
- * being created after the user land has been frozen during a system-wide
- * hibernation or suspend operation.
- */
-static int usermodehelper_disabled;
-
 #ifdef CONFIG_KMOD
  
 /*
  
  
@@ -275,15 +267,55 @@
 	}
 }
  
+#ifdef CONFIG_PM
+/*
+ * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY
+ * (used for preventing user land processes from being created after the user
+ * land has been frozen during a system-wide hibernation or suspend operation).
+ */
+static int usermodehelper_disabled;
+
+/* Number of helpers running */
+static atomic_t running_helpers = ATOMIC_INIT(0);
+
+/*
+ * Wait queue head used by usermodehelper_pm_callback() to wait for all running
+ * helpers to finish.
+ */
+static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq);
+
+/*
+ * Time to wait for running_helpers to become zero before the setting of
+ * usermodehelper_disabled in usermodehelper_pm_callback() fails
+ */
+#define RUNNING_HELPERS_TIMEOUT	(5 * HZ)
+
 static int usermodehelper_pm_callback(struct notifier_block *nfb,
 					unsigned long action,
 					void *ignored)
 {
+	long retval;
+
 	switch (action) {
 	case PM_HIBERNATION_PREPARE:
 	case PM_SUSPEND_PREPARE:
 		usermodehelper_disabled = 1;
-		return NOTIFY_OK;
+		smp_mb();
+		/*
+		 * From now on call_usermodehelper_exec() won't start any new
+		 * helpers, so it is sufficient if running_helpers turns out to
+		 * be zero at one point (it may be increased later, but that
+		 * doesn't matter).
+		 */
+		retval = wait_event_timeout(running_helpers_waitq,
+					atomic_read(&running_helpers) == 0,
+					RUNNING_HELPERS_TIMEOUT);
+		if (retval) {
+			return NOTIFY_OK;
+		} else {
+			usermodehelper_disabled = 0;
+			return NOTIFY_BAD;
+		}
 	case PM_POST_HIBERNATION:
 	case PM_POST_SUSPEND:
 		usermodehelper_disabled = 0;
@@ -293,6 +325,30 @@
 	return NOTIFY_DONE;
 }
  
+static void helper_lock(void)
+{
+	atomic_inc(&running_helpers);
+	smp_mb__after_atomic_inc();
+}
+
+static void helper_unlock(void)
+{
+	if (atomic_dec_and_test(&running_helpers))
+		wake_up(&running_helpers_waitq);
+}
+
+static void register_pm_notifier_callback(void)
+{
+	pm_notifier(usermodehelper_pm_callback, 0);
+}
+#else /* CONFIG_PM */
+#define usermodehelper_disabled	0
+
+static inline void helper_lock(void) {}
+static inline void helper_unlock(void) {}
+static inline void register_pm_notifier_callback(void) {}
+#endif /* CONFIG_PM */
+
 /**
  * call_usermodehelper_setup - prepare to call a usermode helper
  * @path - path to usermode executable
@@ -397,6 +453,7 @@
 	DECLARE_COMPLETION_ONSTACK(done);
 	int retval;
  
+	helper_lock();
 	if (sub_info->path[0] == '\0') {
 		retval = 0;
 		goto out;
@@ -418,6 +475,7 @@
  
   out:
 	call_usermodehelper_freeinfo(sub_info);
+	helper_unlock();
 	return retval;
 }
 EXPORT_SYMBOL(call_usermodehelper_exec);
@@ -459,6 +517,6 @@
 {
 	khelper_wq = create_singlethread_workqueue("khelper");
 	BUG_ON(!khelper_wq);
-	pm_notifier(usermodehelper_pm_callback, 0);
+	register_pm_notifier_callback();
 }
...	...	@@ -41,14 +41,6 @@
41	41
42	42	static struct workqueue_struct *khelper_wq;
43	43
44		-/*
45		- * If set, both call_usermodehelper_keys() and call_usermodehelper_pipe() exit
46		- * immediately returning -EBUSY. Used for preventing user land processes from
47		- * being created after the user land has been frozen during a system-wide
48		- * hibernation or suspend operation.
49		- */
50		-static int usermodehelper_disabled;
51		-
52	44	#ifdef CONFIG_KMOD
53	45
54	46	/*
55	47
56	48
...	...	@@ -275,15 +267,55 @@
275	267	}
276	268	}
277	269
	270	+#ifdef CONFIG_PM
	271	+/*
	272	+ * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY
	273	+ * (used for preventing user land processes from being created after the user
	274	+ * land has been frozen during a system-wide hibernation or suspend operation).
	275	+ */
	276	+static int usermodehelper_disabled;
	277	+
	278	+/* Number of helpers running */
	279	+static atomic_t running_helpers = ATOMIC_INIT(0);
	280	+
	281	+/*
	282	+ * Wait queue head used by usermodehelper_pm_callback() to wait for all running
	283	+ * helpers to finish.
	284	+ */
	285	+static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq);
	286	+
	287	+/*
	288	+ * Time to wait for running_helpers to become zero before the setting of
	289	+ * usermodehelper_disabled in usermodehelper_pm_callback() fails
	290	+ */
	291	+#define RUNNING_HELPERS_TIMEOUT (5 * HZ)
	292	+
278	293	static int usermodehelper_pm_callback(struct notifier_block *nfb,
279	294	unsigned long action,
280	295	void *ignored)
281	296	{
	297	+ long retval;
	298	+
282	299	switch (action) {
283	300	case PM_HIBERNATION_PREPARE:
284	301	case PM_SUSPEND_PREPARE:
285	302	usermodehelper_disabled = 1;
286		- return NOTIFY_OK;
	303	+ smp_mb();
	304	+ /*
	305	+ * From now on call_usermodehelper_exec() won't start any new
	306	+ * helpers, so it is sufficient if running_helpers turns out to
	307	+ * be zero at one point (it may be increased later, but that
	308	+ * doesn't matter).
	309	+ */
	310	+ retval = wait_event_timeout(running_helpers_waitq,
	311	+ atomic_read(&running_helpers) == 0,
	312	+ RUNNING_HELPERS_TIMEOUT);
	313	+ if (retval) {
	314	+ return NOTIFY_OK;
	315	+ } else {
	316	+ usermodehelper_disabled = 0;
	317	+ return NOTIFY_BAD;
	318	+ }
287	319	case PM_POST_HIBERNATION:
288	320	case PM_POST_SUSPEND:
289	321	usermodehelper_disabled = 0;
...	...	@@ -293,6 +325,30 @@
293	325	return NOTIFY_DONE;
294	326	}
295	327
	328	+static void helper_lock(void)
	329	+{
	330	+ atomic_inc(&running_helpers);
	331	+ smp_mb__after_atomic_inc();
	332	+}
	333	+
	334	+static void helper_unlock(void)
	335	+{
	336	+ if (atomic_dec_and_test(&running_helpers))
	337	+ wake_up(&running_helpers_waitq);
	338	+}
	339	+
	340	+static void register_pm_notifier_callback(void)
	341	+{
	342	+ pm_notifier(usermodehelper_pm_callback, 0);
	343	+}
	344	+#else /* CONFIG_PM */
	345	+#define usermodehelper_disabled 0
	346	+
	347	+static inline void helper_lock(void) {}
	348	+static inline void helper_unlock(void) {}
	349	+static inline void register_pm_notifier_callback(void) {}
	350	+#endif /* CONFIG_PM */
	351	+
296	352	/**
297	353	* call_usermodehelper_setup - prepare to call a usermode helper
298	354	* @path - path to usermode executable
...	...	@@ -397,6 +453,7 @@
397	453	DECLARE_COMPLETION_ONSTACK(done);
398	454	int retval;
399	455
	456	+ helper_lock();
400	457	if (sub_info->path[0] == '\0') {
401	458	retval = 0;
402	459	goto out;
...	...	@@ -418,6 +475,7 @@
418	475
419	476	out:
420	477	call_usermodehelper_freeinfo(sub_info);
	478	+ helper_unlock();
421	479	return retval;
422	480	}
423	481	EXPORT_SYMBOL(call_usermodehelper_exec);
...	...	@@ -459,6 +517,6 @@
459	517	{
460	518	khelper_wq = create_singlethread_workqueue("khelper");
461	519	BUG_ON(!khelper_wq);
462		- pm_notifier(usermodehelper_pm_callback, 0);
	520	+ register_pm_notifier_callback();
463	521	}