From: Steve Wise <swise@opengridcomputing.com>
To: Jiri Kosina <trivial@kernel.org>
Cc: Zygo Blaxell <zygo.blaxell@xandros.com>,
	linux-kernel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] LIB: remove unmatched write_lock() in gen_pool_destroy
Date: Mon, 15 Jun 2009 17:04:15 -0500
Message-ID: <4A36C55F.6060002@opengridcomputing.com>
In-Reply-To: <alpine.LNX.2.00.0906152333080.7457@wotan.suse.de>


Jiri Kosina wrote:
> On Fri, 12 Jun 2009, Zygo Blaxell wrote:
>
>   
>> Fix mismatch between calls to write_lock() and write_unlock() in
>> gen_pool_destroy by removing the write_lock().
>>
>> Signed-off-by: Zygo Blaxell <zygo.blaxell@xandros.com>
>> ---
>> There is a call to write_lock() in gen_pool_destroy which is not balanced
>> by any corresponding write_unlock().  This causes problems with preemption
>> because the preemption-disable counter is incremented in the write_lock()
>> call, but never decremented by any call to write_unlock().  This bug is
>> difficult to observe in the field because only two in-tree drivers call
>> gen_pool_destroy, and one of them is non-x86 arch-specific code.
>>
>> To fix this, I have chosen removing the write_lock() over adding a
>> write_unlock() because the lock in question is inside a structure which
>> is being freed.  Any other thread that waited to acquire such a lock
>> while gen_pool_destroy was running would find itself holding a lock
>> in recently-freed or about-to-be-freed memory.  This would result in
>> memory corruption or a crash whether &pool->lock is held or not.
>>
>> Using a pool while it is in the process of being destroyed is a bug that
>> must be resolved outside of the gen_pool_destroy function.
>>
>>  lib/genalloc.c |    1 -
>>  1 files changed, 0 insertions(+), 1 deletions(-)
>>
>> diff --git a/lib/genalloc.c b/lib/genalloc.c
>> index f6d276d..eed2bdb 100644
>> --- a/lib/genalloc.c
>> +++ b/lib/genalloc.c
>> @@ -85,7 +85,6 @@ void gen_pool_destroy(struct gen_pool *pool)
>>  	int bit, end_bit;
>>  
>>  
>> -	write_lock(&pool->lock);
>>  	list_for_each_safe(_chunk, _next_chunk, &pool->chunks) {
>>  		chunk = list_entry(_chunk, struct gen_pool_chunk, next_chunk);
>>  		list_del(&chunk->next_chunk);
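
Review bot: With the write_lock(&pool->lock) removed, the list_for_each_safe() walk over pool->chunks and the list_del() calls in gen_pool_destroy() run with no exclusion at all, so the function now depends on the caller guaranteeing that no other thread can still reach the pool, and nothing in the hunk records that. Add a comment above gen_pool_destroy() stating that precondition, and consider a debug-time check at the spot where the lock was taken so that a caller still using the pool fails loudly instead of touching memory that is about to be freed.
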
>> -- 
>> 1.5.6.5
>>
>>     
>
> Hi Zygo,
>
> this doesn't really qualify for trivial tree, as it introduces a 
> significant code change. Adding some CCs.
>
>   

Looks ok to me.  It's dumb to acquire the lock you're gonna free anyway.  
Maybe some BUG_ON() that sez nobody better be holding this lock?



