All of lore.kernel.org
 help / color / mirror / Atom feed
From: Bill Pringlemeir <bpringlemeir@nbsps.com>
To: Richard Weinberger <richard@nod.at>
Cc: "Wiedemer, Thorsten \(Lawo AG\)" <Thorsten.Wiedemer@lawo.com>,
	"linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>
Subject: Re: UBI leb_write_unlock NULL pointer Oops (continuation)
Date: Mon, 24 Feb 2014 10:45:50 -0500	[thread overview]
Message-ID: <87sir8ms41.fsf@nbsps.com> (raw)
In-Reply-To: <530B670B.3090002@nod.at> (Richard Weinberger's message of "Mon, 24 Feb 2014 16:36:43 +0100")


>> On 22 Feb 2014, richard@nod.at wrote:

>>> Hmm, I'm not sure whether I was able to follow your thought.  But
>>> leb_write_unlock() is balanced with leb_write_trylock() in
>>> ubi_eba_copy_leb() which makes perfectly sense to me.  What exactly is
>>> the problem?

> Am 24.02.2014 16:09, schrieb Bill Pringlemeir:

>> There are two things that must be balanced.  The 'reference count'
>> ubi_ltree_entry -> users and the rw_semaphore down/up.  You are right,
>> the trylock needs to be balanced by the 'leb_write_unlock'.  However,
>> the 'leb_write_trylock()' has already decremented 'users' in preperation
>> to move the 'lnum'.  However, in the case of contention,
>> 'ubi_eba_copy_leb' bails and does the 'leb_write_unlock()', which
>> balances the 'trylock', but unbalances the 'users' reference count (I
>> added some comments on the lines).

On 24 Feb 2014, richard@nod.at wrote:

> My first thought here is "If this is true, why does
> ubi_assert(le->users >= 0) not trigger"?

A call to 'ltree_add_entry()' may add a completely new entry for the
'lnum'.  The context switches may happen at any point that the spinlock
is not held.

Here is ubi_eba_copy_leb() with just mutex and reference count.

leb_write_trylock -> ltree_add_entry(ubi, vol_id, lnum) create new or
                        old.
/* could reschedule here... */
leb_write_trylock -> down_write_trylock have write rwsem.
/* could reschedule here... */
leb_write_trylock -> get spin lock and decrement user.
/* could reschedule here... */
on 'if (vol->eba_tbl[lnum] != from)' another thread has this
                        'ltree_entry' so count is >1.
/* could reschedule here... */
call leb_write_unlock() and destroy in use ltree_entry.

Anyone calling 'ltree_add_entry' may create a new entry.  Also, as the
entry has been freed, the memory will be recycled and 'users' could be
anything in a freed node.  It is puzzling if this is related to the
problem that Thorsten and others have seen that the 'assert' never
fires.  However, this path seems to violate the reference count and
double decrements.  I am pretty sure it is an issue although it maybe
unrelated and latent (never triggered).  However, some of the same
'suspects' are involved so I think it is a possibility to explore.

Fwiw,
Bill Pringlemeir.

  reply	other threads:[~2014-02-24 15:53 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-03  8:51 UBI leb_write_unlock NULL pointer Oops (continuation) Wiedemer, Thorsten (Lawo AG)
2014-02-03  9:38 ` Richard Weinberger
2014-02-03 10:31   ` AW: " Wiedemer, Thorsten (Lawo AG)
2014-02-03 11:02     ` Richard Weinberger
2014-02-03 12:51       ` AW: " Wiedemer, Thorsten (Lawo AG)
2014-02-03 13:56         ` Richard Weinberger
2014-02-04  7:22           ` Artem Bityutskiy
2014-02-04  7:46             ` Richard Weinberger
2014-02-04  7:54               ` Artem Bityutskiy
2014-02-04 15:45                 ` UBI leb_write_unlock NULL pointer Oops (continuation) on ARM926 Bill Pringlemeir
2014-02-04 15:45                   ` Bill Pringlemeir
2014-02-04 17:05                   ` Bill Pringlemeir
2014-02-04 17:05                     ` Bill Pringlemeir
2014-02-04 19:57                     ` Bill Pringlemeir
2014-02-04 19:57                       ` Bill Pringlemeir
2014-02-04 20:07                       ` Richard Weinberger
2014-02-04 20:07                         ` Richard Weinberger
2014-02-04 17:01           ` AW: UBI leb_write_unlock NULL pointer Oops (continuation) Wiedemer, Thorsten (Lawo AG)
2014-02-04 17:52             ` Wiedemer, Thorsten (Lawo AG)
2014-02-05  8:29             ` Richard Weinberger
2014-02-05 21:45               ` Bill Pringlemeir
2014-02-05 22:13                 ` Richard Weinberger
2014-02-05 22:23                   ` Bill Pringlemeir
2014-02-06 13:05                     ` AW: " Wiedemer, Thorsten (Lawo AG)
2014-02-06 16:00                       ` Bill Pringlemeir
2014-02-11  8:01               ` Wiedemer, Thorsten (Lawo AG)
2014-02-11 15:25                 ` Bill Pringlemeir
2014-02-12 15:18                   ` AW: " Wiedemer, Thorsten (Lawo AG)
2014-02-12 17:46                     ` Richard Weinberger
2014-02-12 18:11                     ` AW: AW: " Bill Pringlemeir
2014-02-12 18:21                       ` Bill Pringlemeir
2014-02-12 20:48                         ` Richard Weinberger
2014-02-14 17:11                           ` Bill Pringlemeir
2014-02-18  8:25                           ` Ziegler, Emanuel (Lawo AG)
2014-02-19 11:09                             ` Ziegler, Emanuel (Lawo AG)
2014-02-20 15:21                       ` AW: AW: AW: " Wiedemer, Thorsten (Lawo AG)
2014-02-20 17:26                         ` Bill Pringlemeir
2014-02-20 17:38                           ` Bill Pringlemeir
2014-02-21  8:55                         ` AW: AW: AW: " Wiedemer, Thorsten (Lawo AG)
2014-02-21  9:28                           ` Quiniou, Benoit (Lawo AG)
2014-02-21 17:53                           ` AW: " Bill Pringlemeir
2014-02-21 18:12                             ` Richard Weinberger
2014-02-21 19:45                               ` Bill Pringlemeir
2014-02-22  0:49                                 ` Bill Pringlemeir
2014-02-22  8:32                                   ` Richard Weinberger
2014-02-24 15:09                                     ` Bill Pringlemeir
2014-02-24 15:36                                       ` Richard Weinberger
2014-02-24 15:45                                         ` Bill Pringlemeir [this message]
2014-02-24 15:48                                           ` Bill Pringlemeir
2014-03-05 20:57                                             ` Richard Weinberger
2014-03-05 21:30                                               ` Bill Pringlemeir
2014-03-05 21:42                                                 ` Bill Pringlemeir
2014-03-05 23:11                                                   ` Richard Weinberger
2014-03-05 23:12                                                   ` Richard Weinberger
2014-02-04 19:49     ` Andrew Ruder
2014-02-05  8:39       ` AW: " Wiedemer, Thorsten (Lawo AG)
2014-02-05 20:13         ` Andrew Ruder
2015-10-16 12:17 ` Wojciech Nizinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87sir8ms41.fsf@nbsps.com \
    --to=bpringlemeir@nbsps.com \
    --cc=Thorsten.Wiedemer@lawo.com \
    --cc=linux-mtd@lists.infradead.org \
    --cc=richard@nod.at \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.