From: Alexey Dobriyan <adobriyan@sw.ru>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk,
devel@openvz.org, "Eric W. Biederman" <ebiederm@xmission.com>,
Andy Whitcroft <apw@shadowen.org>
Subject: Re: [PATCH 3/4] proc: simplify remove_proc_entry() wrt locking
Date: Fri, 23 Nov 2007 12:18:29 +0300 [thread overview]
Message-ID: <20071123091829.GC6240@localhost.sw.ru> (raw)
In-Reply-To: <20071120200842.a3ad33b5.akpm@linux-foundation.org>
On Tue, Nov 20, 2007 at 08:08:42PM -0800, Andrew Morton wrote:
> On Fri, 16 Nov 2007 18:10:15 +0300 Alexey Dobriyan <adobriyan@sw.ru> wrote:
>
> > We can take proc_subdir_lock for duration of list searching and removing
> > from lists only. It can't hurt -- we can gather any amount of looked up
> > PDEs right after proc_subdir_lock droppage in proc_lookup() anyway.
> > Current code should already deal with this correctly.
> >
> > Also this should make code more undestandable:
> > * original looks like a loop, however, it's a loop with unconditional
> > trailing "break;" -- not loop at all.
> > * more explicit statement that proc_subdir_lock protects only ->subdir lists.
>
> oopses the Vaio.
>
>
> [ 12.595145] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000030
> [ 12.598487] printing eip: c01a607f *pde = 00000000
> [ 12.601795] Oops: 0000 [#1] PREEMPT
> [ 12.605101] last sysfs file:
> [ 12.608432] Modules linked in:
> [ 12.611727]
> [ 12.615000] Pid: 1, comm: swapper Not tainted (2.6.24-rc3-mm1 #4)
> [ 12.618345] EIP: 0060:[<c01a607f>] EFLAGS: 00010206 CPU: 0
> [ 12.621713] EIP is at remove_proc_entry+0x69/0x16c
> [ 12.625071] EAX: 00000000 EBX: f726d940 ECX: f726d9bd EDX: 00000000
> [ 12.628445] ESI: 00000030 EDI: f726d940 EBP: f7841e3c ESP: f7841dcc
> [ 12.631747] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
> [ 12.635052] Process swapper (pid: 1, ti=F7840000 task=F783ED30 task.ti=F7840000)
> [ 12.635181] Stack: 00000005 f726d9c0 c042747c f7841df0 c0131992 00000282 f7841e1c 00000005
> [ 12.638669] 00000000 00000046 00000174 00000000 c0138012 00000000 00000000 00000000
> [ 12.642173] f783f2e0 f783ed30 00000000 f783ed30 c0320d27 00000010 f7841e34 c013a1e4
> [ 12.645623] Call Trace:
> [ 12.652432] [<c0104e0c>] show_trace_log_lvl+0x12/0x25
> [ 12.655938] [<c0104eab>] show_stack_log_lvl+0x8c/0x9e
> [ 12.659333] [<c0104f47>] show_registers+0x8a/0x1c0
> [ 12.662755] [<c010516b>] die+0xee/0x1c4
> [ 12.666101] [<c0117a18>] do_page_fault+0x405/0x4e1
> [ 12.669427] [<c0320fda>] error_code+0x6a/0x70
> [ 12.672700] [<c0151d13>] unregister_handler_proc+0x1b/0x1d
> [ 12.675974] [<c0150bb2>] free_irq+0xb3/0xdc
> [ 12.679227] [<c028a51b>] yenta_probe_cb_irq+0xc9/0xd6
> [ 12.682482] [<c028a829>] ti12xx_override+0x12b/0x4c5
> [ 12.685782] [<c028b270>] yenta_probe+0x2b1/0x55d
> [ 12.689042] [<c01fed0d>] pci_device_probe+0x39/0x5b
> [ 12.692276] [<c025a9ad>] driver_probe_device+0xd1/0x147
> [ 12.695492] [<c025ab37>] __driver_attach+0x6a/0xa1
> [ 12.698666] [<c0259ee9>] bus_for_each_dev+0x37/0x5c
> [ 12.701783] [<c025a816>] driver_attach+0x14/0x16
> [ 12.704891] [<c025a220>] bus_add_driver+0x7a/0x191
> [ 12.708015] [<c025ad08>] driver_register+0x57/0x5c
> [ 12.711095] [<c01fee6f>] __pci_register_driver+0x56/0x83
> [ 12.714170] [<c047203c>] yenta_socket_init+0x14/0x16
> [ 12.717195] [<c0458650>] kernel_init+0xc5/0x20f
> [ 12.720120] [<c0104aaf>] kernel_thread_helper+0x7/0x10
> [ 12.723041] =======================
> [ 12.725918] INFO: lockdep is turned off.
> [ 12.728813] Code: 75 94 83 c6 38 eb 24 8b 55 f0 89 d9 8b 45 90 e8 ab fe ff ff 85 c0 74 0e 8b 43 30 89 df 89 06 c7 43 30 00 00 00 00 8b 36 83 c6 30 <8b> 1e 85 db 75 d6 b8 e0 2b 43 c0 e8 ab ab 17 00 85 ff 0f 84 e3
> [ 12.735473] EIP: [<c01a607f>] remove_proc_entry+0x69/0x16c SS:ESP 0068:f7841dcc
>
> (gdb) l *0xc01a4fdf
> 0xc01a4fdf is in remove_proc_entry (fs/proc/generic.c:698).
> warning: Source file is more recent than executable.
>
> 693 if (!parent && xlate_proc_name(name, &parent, &fn) != 0)
> 694 return;
> 695 len = strlen(fn);
> 696
> 697 spin_lock(&proc_subdir_lock);
> 698 for (p = &parent->subdir; *p; p=&(*p)->next ) {
> 699 if (!proc_match(len, fn, *p))
> 700 continue;
> 701 de = *p;
> 702 *p = de->next;
703 de->next = NULL;
break; <===
704 }
>
> iirc this is what Andy was hitting.
Doh! this was missing "break;". I'll resend the patch and refcounting fixes
soon.
P.S.: Do you make notches on Vaio-of-death?
prev parent reply other threads:[~2007-11-23 9:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-16 15:10 [PATCH 3/4] proc: simplify remove_proc_entry() wrt locking Alexey Dobriyan
2007-11-21 4:08 ` Andrew Morton
2007-11-23 9:18 ` Alexey Dobriyan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071123091829.GC6240@localhost.sw.ru \
--to=adobriyan@sw.ru \
--cc=akpm@linux-foundation.org \
--cc=apw@shadowen.org \
--cc=devel@openvz.org \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.