Name: set_cpus_allowed can fail
Author: Rusty Russell
Status: Tested on 2.5.30 SMP

D: Naturally, with cpus going up and down, you can't check the cpu mask
D: then call set_cpus_allowed: it has to do it inside the lock.  This
D: introduces the CPU brlock, and uses it everywhere that cpus change
D: online status.
D: 
D: The locking rule is simple: holding either the CPU brlock or the
D: cpucontrol semaphore will prevent other cpus from going online or
D: offline.  This means all cpu-hotplug notifiers are safe.
D: 
D: Note that architectures which don't do hotplug CPUs don't need to care
D: about the lock at all (ie. all of them at the moment).

diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal .18490-2.5.44-mm3-set-cpus-can-fail.pre/include/linux/brlock.h .18490-2.5.44-mm3-set-cpus-can-fail/include/linux/brlock.h
--- .18490-2.5.44-mm3-set-cpus-can-fail.pre/include/linux/brlock.h	2002-10-15 15:19:44.000000000 +1000
+++ .18490-2.5.44-mm3-set-cpus-can-fail/include/linux/brlock.h	2002-10-23 18:57:33.000000000 +1000
@@ -34,6 +34,7 @@
 /* Register bigreader lock indices here. */
 enum brlock_indices {
 	BR_NETPROTO_LOCK,
+	BR_CPU_LOCK,
 	__BR_END
 };
 
diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal .18490-2.5.44-mm3-set-cpus-can-fail.pre/include/linux/sched.h .18490-2.5.44-mm3-set-cpus-can-fail/include/linux/sched.h
--- .18490-2.5.44-mm3-set-cpus-can-fail.pre/include/linux/sched.h	2002-10-23 12:03:15.000000000 +1000
+++ .18490-2.5.44-mm3-set-cpus-can-fail/include/linux/sched.h	2002-10-23 18:57:33.000000000 +1000
@@ -441,9 +441,9 @@ do { if (atomic_dec_and_test(&(tsk)->usa
 #define _STK_LIM	(8*1024*1024)
 
 #if CONFIG_SMP
-extern void set_cpus_allowed(task_t *p, const unsigned long new_mask[]);
+extern int set_cpus_allowed(task_t *p, const unsigned long new_mask[]);
 #else
-# define set_cpus_allowed(p, new_mask) do { } while (0)
+# define set_cpus_allowed(p, new_mask) 1
 #endif
 #define CPU_MASK_NONE { 0 }
 #define CPU_MASK_ALL { [0 ... ((NR_CPUS+BITS_PER_LONG-1)/BITS_PER_LONG)-1 ] = ~0UL }
diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal .18490-2.5.44-mm3-set-cpus-can-fail.pre/kernel/sched.c .18490-2.5.44-mm3-set-cpus-can-fail/kernel/sched.c
--- .18490-2.5.44-mm3-set-cpus-can-fail.pre/kernel/sched.c	2002-10-23 12:03:15.000000000 +1000
+++ .18490-2.5.44-mm3-set-cpus-can-fail/kernel/sched.c	2002-10-23 18:57:33.000000000 +1000
@@ -32,6 +32,7 @@
 #include <linux/delay.h>
 #include <linux/timer.h>
 #include <linux/rcupdate.h>
+#include <linux/brlock.h>
 
 /*
  * Convert user-nice values [ -20 ... 0 ... 19 ]
@@ -1600,9 +1601,6 @@ asmlinkage int sys_sched_setaffinity(pid
 	if (copy_from_user(&new_mask, user_mask_ptr, sizeof(new_mask)))
 		return -EFAULT;
 
-	if (any_online_cpu(new_mask) == NR_CPUS)
-		return -EINVAL;
-
 	read_lock(&tasklist_lock);
 
 	p = find_process_by_pid(pid);
@@ -1624,8 +1622,7 @@ asmlinkage int sys_sched_setaffinity(pid
 			!capable(CAP_SYS_NICE))
 		goto out_unlock;
 
-	retval = 0;
-	set_cpus_allowed(p, new_mask);
+	retval = set_cpus_allowed(p, new_mask);
 
 out_unlock:
 	put_task_struct(p);
@@ -1962,45 +1959,53 @@ typedef struct {
  * task must not exit() & deallocate itself prematurely.  The
  * call is not atomic; no spinlocks may be held.
  */
-void set_cpus_allowed(task_t *p, const unsigned long new_mask[])
+int set_cpus_allowed(task_t *p, const unsigned long new_mask[])
 {
 	unsigned long flags;
 	migration_req_t req;
 	runqueue_t *rq;
-
-#if 0 /* FIXME: Grab cpu_lock, return error on this case. --RR */
-	new_mask &= cpu_online_map;
-	if (!new_mask)
-		BUG();
-#endif
+	int ret = 0;
 
 	rq = task_rq_lock(p, &flags);
+
+	/* Let's not deal with cpus leaving us */
+	br_read_lock(BR_CPU_LOCK);
+	if (any_online_cpu(new_mask) == NR_CPUS) {
+		ret = -EINVAL;
+		goto out_unlock;
+	}
+
 	memcpy(p->cpus_allowed, new_mask, sizeof(p->cpus_allowed));
 	/*
 	 * Can the task run on the task's current CPU? If not then
 	 * migrate the thread off to a proper CPU.
 	 */
-	if (test_bit(task_cpu(p), new_mask)) {
-		task_rq_unlock(rq, &flags);
-		return;
-	}
+	if (test_bit(task_cpu(p), new_mask))
+		goto out_unlock;
+
 	/*
 	 * If the task is not on a runqueue (and not running), then
 	 * it is sufficient to simply update the task's cpu field.
 	 */
 	if (!p->array && !task_running(rq, p)) {
 		set_task_cpu(p, any_online_cpu(p->cpus_allowed));
-		task_rq_unlock(rq, &flags);
-		return;
+		goto out_unlock;
 	}
 	init_completion(&req.done);
 	req.task = p;
 	list_add(&req.list, &rq->migration_queue);
+	br_read_unlock(BR_CPU_LOCK);
 	task_rq_unlock(rq, &flags);
 
 	wake_up_process(rq->migration_thread);
 
 	wait_for_completion(&req.done);
+	return 0;
+
+ out_unlock:
+	br_read_unlock(BR_CPU_LOCK);
+	task_rq_unlock(rq, &flags);
+	return ret;
 }
 
 /*