public inbox for kvm@vger.kernel.org
From: Greg KH <greg-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
To: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: Andy Walls <awalls-Xoej9cPu4Z+RGvkDC/A1pg@public.gmane.org>,
	kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Colin Cross <ccross-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	ivtv-devel-jGorlIydJmRM656bX5wj8A@public.gmane.org,
	Avi Kivity <avi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	spi-devel-general-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
	Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Linus Torvalds
	<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	linux-media-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCHSET] kthread_worker: reimplement flush_kthread_work() to allow freeing during execution
Date: Thu, 27 Sep 2012 17:19:11 -0700
Message-ID: <20120928001911.GL29949@kroah.com>
In-Reply-To: <20120917202850.GA18910-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>

On Mon, Sep 17, 2012 at 01:28:50PM -0700, Greg KH wrote:
> On Mon, Sep 17, 2012 at 12:40:16PM -0700, Tejun Heo wrote:
> > On Fri, Sep 14, 2012 at 03:50:40PM -0700, Colin Cross wrote:
> > > This patch set fixes a reproducible crash I'm seeing on a 3.4.10
> > > kernel.  flush_kthread_worker (which is different from
> > > flush_kthread_work) is initializing a kthread_work and a completion on
> > > the stack, then queuing it and calling wait_for_completion.  Once the
> > > completion is signaled, flush_kthread_worker exits and the stack
> > > region used by the kthread_work may be immediately reused by another
> > > object on the stack, but kthread_worker_fn continues accessing its
> > > work pointer:
> > >                 work->func(work);         <- calls complete, effectively frees work
> > >                 smp_wmb();      /* wmb worker-b0 paired with flush-b1 */
> > >                 work->done_seq = work->queue_seq;   <- overwrites a new stack object
> > >                 smp_mb();       /* mb worker-b1 paired with flush-b0 */
> > >                 if (atomic_read(&work->flushing))
> > >                         wake_up_all(&work->done);  <- or crashes here
> > > 
> > > These patches fix the problem by not accessing work after work->func
> > > is called, and should be backported to stable.  They apply cleanly to
> > > 3.4.10.  Upstream commits are 9a2e03d8ed518a61154f18d83d6466628e519f94
> > > and 46f3d976213452350f9d10b0c2780c2681f7075b.
> > 
> > Yeah, you're right.  I wonder why this didn't come up before.  Greg,
> > can you please pick up these two commits?
> 
> Ok, will do, thanks for letting me know.

Now applied, thanks.

greg k-h
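
The lifetime bug described in the quoted report, as an added example that is not part of the thread, the kernel source or the upstream patches: a single-threaded user-space model in which `flush_func` stands in for `complete()` and the flusher's frame is reused immediately. `union frame`, `struct worker`, `worker_buggy`, `worker_fixed` and `run` are hypothetical names, and keeping the sequence number in worker-owned memory is an assumption of this model.

```c
#include <stdio.h>
#include <stddef.h>
struct work {
    void (*func)(struct work *);
    int queue_seq, done_seq;
};
/* Constructed model: one slot standing in for the flusher's stack frame. */
union frame {
    struct work work;                          /* on-stack work item */
    unsigned char reused[sizeof(struct work)]; /* next object in that frame */
};
struct worker { int done_seq; };   /* hypothetical worker-owned bookkeeping */

/* Models complete(): the flusher returns and its frame is reused at once. */
static void flush_func(struct work *w) {
    union frame *f = (union frame *)w;
    for (size_t i = 0; i < sizeof f->reused; i++)
        f->reused[i] = (unsigned char)(i + 1);
}

static int frame_intact(const union frame *f) {
    for (size_t i = 0; i < sizeof f->reused; i++)
        if (f->reused[i] != (unsigned char)(i + 1))
            return 0;
    return 1;
}

/* Pattern from the report: the work item is written after func returns. */
static void worker_buggy(struct work *w) {
    w->func(w);
    w->done_seq = w->queue_seq;    /* lands in the reused frame */
}

/* Rule from the report: nothing dereferences w once func has been called. */
static void worker_fixed(struct worker *wk, struct work *w) {
    int seq = w->queue_seq;        /* read what is needed up front */
    w->func(w);
    wk->done_seq = seq;            /* state stays in worker-owned memory */
}

/* Returns 1 if the reused frame survived the worker, 0 if it was corrupted. */
static int run(int fixed) {
    union frame f = { .work = { flush_func, 7, 0 } };
    struct worker wk = { 0 };
    if (fixed) worker_fixed(&wk, &f.work); else worker_buggy(&f.work);
    return frame_intact(&f);
}

int main(void) { printf("buggy=%d fixed=%d\n", run(0), run(1)); return 0; }
```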

Thread overview: 17+ messages
2012-07-19 21:15 [PATCHSET] kthread_worker: reimplement flush_kthread_work() to allow freeing during execution Tejun Heo
     [not found] ` <20120719211510.GA32763-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-07-19 21:15   ` [PATCH 1/2] kthread_worker: reorganize to prepare for flush_kthread_work() reimplementation Tejun Heo
2012-07-21 17:13     ` Andy Walls
2012-07-22 16:46       ` Tejun Heo
     [not found]         ` <20120722164607.GB5144-RcKxWJ4Cfj1J2suj2OqeGauc2jM2gXBXkQQo+JxHRPFibQn6LdNjmg@public.gmane.org>
2012-07-22 20:42           ` Andy Walls
2012-07-22 17:22     ` [PATCH UPDATED " Tejun Heo
2012-07-19 21:16 ` [PATCH 2/2] kthread_worker: reimplement flush_kthread_work() to allow freeing the work item being executed Tejun Heo
     [not found]   ` <20120719211629.GC32763-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-07-21 18:20     ` Andy Walls
     [not found]       ` <1342894814.2504.31.camel-xioobY1GIEhKttHedORAlB2eb7JE58TQ@public.gmane.org>
2012-07-22 16:49         ` Tejun Heo
     [not found]           ` <20120722164953.GC5144-RcKxWJ4Cfj1J2suj2OqeGauc2jM2gXBXkQQo+JxHRPFibQn6LdNjmg@public.gmane.org>
2012-07-22 20:46             ` Andy Walls
2012-07-23 17:12               ` Tejun Heo
     [not found]                 ` <20120723171215.GA5776-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-07-24 11:17                   ` Andy Walls
2012-07-22 20:39   ` Andy Walls
2012-09-14 22:50 ` [PATCHSET] kthread_worker: reimplement flush_kthread_work() to allow freeing during execution Colin Cross
2012-09-17 19:40   ` Tejun Heo
2012-09-17 20:28     ` Greg KH
     [not found]       ` <20120917202850.GA18910-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2012-09-28  0:19         ` Greg KH [this message]
