From: Dave Hansen <dave@linux.vnet.ibm.com>
To: Seth Jennings <sjenning@linux.vnet.ibm.com>
Cc: gregkh@suse.de, cascardo@holoscopio.com,
dan.magenheimer@oracle.com, rdunlap@xenotime.net,
devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org,
rcj@linux.vnet.ibm.com, brking@linux.vnet.ibm.com,
ngupta@vflare.org
Subject: Re: [PATCH] staging: zcache: fix crash on cpu remove
Date: Thu, 06 Oct 2011 12:55:14 -0700 [thread overview]
Message-ID: <1317930914.15807.64.camel@nimitz> (raw)
In-Reply-To: <1317929306-18471-1-git-send-email-sjenning@linux.vnet.ibm.com>
On Thu, 2011-10-06 at 14:28 -0500, Seth Jennings wrote:
> In the case that a cpu is taken offline before zcache_do_preload() is
> ever called on the cpu, the per-cpu zcache_preloads structure will
> be uninitialized. In the CPU_DEAD case for zcache_cpu_notifier(),
> kp->obj is not checked before calling kmem_cache_free() on it.
> If it is NULL, a crash results.
>
> This patch ensures that both kp->obj and kp->page are not NULL before
> calling the respective free functions. In practice, just checking
> one or the other should be sufficient since they are assigned together
> in zcache_do_preload(), but I check both for safety.
zcache_objnode_alloc() and zcache_obj_alloc() seem to do the same thing:
dereference 'kp' without checking it for NULL. That's fine, but it
requires that preemption be off between zcache_do_preload() and calling
those functions. That seems to be the case today, but it worries me.
I can see another user getting added that does zcache_obj_alloc() but
forgot to disable preemption.
We at least need a BUG_ON(!in_atomic()) near the dereferences. The
enable/disable paths out of zcache_do_preload() look OK to me, but
they're not trivial.
Was there another purpose behind the preempt_disabling()? We have a
number of spots on the kernel that do preloads but *don't* protect the
percpu buffers in the same way. The radix-tree code, for instance, uses
preempt_disable() to provide the guarantee that an allocation does not
occur, but its data structures are safe to access without preempt.
IOW, with the radix code, a missed preempt_disable() costs you an
-ENOMEM. With zcache it costs you an oops.
-- Dave
next prev parent reply other threads:[~2011-10-06 19:55 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-06 19:28 [PATCH] staging: zcache: fix crash on cpu remove Seth Jennings
2011-10-06 19:55 ` Dave Hansen [this message]
2011-10-06 20:17 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1317930914.15807.64.camel@nimitz \
--to=dave@linux.vnet.ibm.com \
--cc=brking@linux.vnet.ibm.com \
--cc=cascardo@holoscopio.com \
--cc=dan.magenheimer@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=ngupta@vflare.org \
--cc=rcj@linux.vnet.ibm.com \
--cc=rdunlap@xenotime.net \
--cc=sjenning@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox