From: Tejun Heo <tj@kernel.org>
To: Colin Cross <ccross@google.com>
Cc: linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Avi Kivity <avi@redhat.com>,
kvm@vger.kernel.org, Andy Walls <awalls@md.metrocast.net>,
ivtv-devel@ivtvdriver.org, linux-media@vger.kernel.org,
Grant Likely <grant.likely@secretlab.ca>,
spi-devel-general@lists.sourceforge.net,
Linus Torvalds <torvalds@linux-foundation.org>,
stable@vger.kernel.org
Subject: Re: [PATCHSET] kthread_worker: reimplement flush_kthread_work() to allow freeing during execution
Date: Mon, 17 Sep 2012 12:40:16 -0700
Message-ID: <20120917194016.GI18677@google.com>
In-Reply-To: <CAMbhsRQs+2MCXq0M-eTeezwPR=KMnBKtJny1rjiUJL-wNYctMQ@mail.gmail.com>
On Fri, Sep 14, 2012 at 03:50:40PM -0700, Colin Cross wrote:
> This patch set fixes a reproducible crash I'm seeing on a 3.4.10
> kernel. flush_kthread_worker (which is different from
> flush_kthread_work) is initializing a kthread_work and a completion on
> the stack, then queuing it and calling wait_for_completion. Once the
> completion is signaled, flush_kthread_worker exits and the stack
> region used by the kthread_work may be immediately reused by another
> object on the stack, but kthread_worker_fn continues accessing its
> work pointer:
>
>     work->func(work);                  <- calls complete, effectively frees work
>     smp_wmb(); /* wmb worker-b0 paired with flush-b1 */
>     work->done_seq = work->queue_seq;  <- overwrites a new stack object
>     smp_mb(); /* mb worker-b1 paired with flush-b0 */
>     if (atomic_read(&work->flushing))
>         wake_up_all(&work->done);      <- or crashes here
>
> These patches fix the problem by not accessing work after work->func
> is called, and should be backported to stable. They apply cleanly to
> 3.4.10. Upstream commits are 9a2e03d8ed518a61154f18d83d6466628e519f94
> and 46f3d976213452350f9d10b0c2780c2681f7075b.
Yeah, you're right. I wonder why this didn't come up before. Greg,
can you please pick up these two commits?
Thanks.
--
tejun
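
The access pattern reported above, reduced to a deterministic single-threaded userspace model (an added example, not code from this thread or from the kernel). The names `slot`, `flush_func`, `worker_step_buggy`, `worker_step_fixed` and `clobbered_bytes` are hypothetical; a static union stands in for the stack region that is reused once the flusher returns.

```c
#include <stdio.h>

/* Constructed userspace model of the quoted snippet; not kernel code. */
struct work {
    void (*func)(struct work *);
    int queue_seq;
    int done_seq;
};

/* One "stack slot": holds the flusher's work item first, then whatever
 * object reuses that stack region once the flusher has returned. */
static union { struct work w; unsigned char reused[sizeof(struct work)]; } slot;

/* Models complete() plus the waiter returning: the slot is handed to a
 * new object, filled here with a known byte pattern. */
static void flush_func(struct work *w)
{
    size_t i;
    (void)w;
    for (i = 0; i < sizeof(slot.reused); i++)
        slot.reused[i] = (unsigned char)(i + 1);
}

/* Reported pattern: work is still dereferenced after work->func(). */
static void worker_step_buggy(struct work *w)
{
    w->func(w);
    w->done_seq = w->queue_seq;  /* write lands in the new object */
}

/* Fix as described in the report: no access to work after work->func(). */
static void worker_step_fixed(struct work *w)
{
    w->func(w);
}

/* Returns how many bytes of the new object the worker step clobbered. */
static int clobbered_bytes(void (*step)(struct work *))
{
    size_t i;
    int bad = 0;
    slot.w.func = flush_func;
    slot.w.queue_seq = 1;
    slot.w.done_seq = 0;
    step(&slot.w);
    for (i = 0; i < sizeof(slot.reused); i++)
        bad += slot.reused[i] != (unsigned char)(i + 1);
    return bad;
}
```

In the model the stale `done_seq` store overwrites one `int` of the object that now owns the slot; the fixed step leaves it untouched.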