public inbox for linux-kernel@vger.kernel.org
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Dave Jones <davej@redhat.com>,
	Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: kdevtmpfs oops since yesterdays vfs merge
Date: Mon, 25 Jul 2011 06:12:51 +0100
Message-ID: <20110725051251.GQ24703@ZenIV.linux.org.uk>
In-Reply-To: <20110725045851.GA11267@redhat.com>

On Mon, Jul 25, 2011 at 12:58:52AM -0400, Dave Jones wrote:
> On Mon, Jul 25, 2011 at 03:44:44AM +0100, Al Viro wrote:
> 
>  > > when it triggers the bug_on(), it's that second nodename that is garbage.
>  > 
>  > Interesting...  The next experiment would be to stick BUG_ON(!req.dev)
>  > into devtmpfs_create_node() right after the assignment to that field.
> 
> couldn't get that to trigger.

Interesting...

>  > We couldn't be hit by the lack of barriers here, could we?  Store to
>  > req.dev happens before spin_unlock(&req_lock), so by the time when
>  > that request is seen by loop in devtmpfsd() and passed to handle() it
>  > should be seen - we have grabbed req_lock, found a pointer to req, dropped
>  > req_lock and called handle().  Should've been enough...
>  > 
>  > Might be interesting to print &req from devtmpfs_create_node(), both on
>  > entry and on exit, and print req right before the call of handle()...
> 
> Here's latest..
> 
> https://s3.amazonaws.com/twitpic/photos/full/355219312.jpg?AWSAccessKeyId=AKIAJF3XCCKACR3QDMOA&Expires=1311570683&Signature=xr3tusulMiV2bIsxux9YNrawUDA%3D
>  
> apologies for crappy picture, but it's legible at fullsize..
> 
> interesting thing here is that the req that causes the oops, I couldn't
> find any call to create_handle for that address, so where devtmpfsd got it
> is a mystery.  The address is curious too, in that it's way off from all the
> reqs created around that time.

Arrgh...  OK, I see what's going on.

                                req->err = handle(req->name, req->mode, req->dev);
                                complete(&req->done);
                                req = req->next;
is letting the request creator continue; if it leaves the scope, guess
what is left in *req?  That's right, garbage...  Including req->next.
All right, try this and let's see if it fixes the problem:

diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
index 3644dd4..49b6cba 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -406,9 +406,10 @@ static int devtmpfsd(void *p)
 			requests = NULL;
 			spin_unlock(&req_lock);
 			while (req) {
+				struct req *next = req->next;
 				req->err = handle(req->name, req->mode, req->dev);
 				complete(&req->done);
-				req = req->next;
+				req = next;
 			}
 			spin_lock(&req_lock);
 		}
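
Review bot: In the `while (req)` loop, the reason `next` must be fetched before `complete(&req->done)` is not recorded in the code, so the ordering reads like a style choice to a later reader. A one-line comment at `struct req *next = req->next;` stating that the request may no longer be valid once complete() has been called (the submitter can continue and leave scope) would stop someone from folding it back into `req = req->next;`. The same constraint covers every other field of `req`; the loop already respects it by storing `req->err` before the complete() call, and the comment could say so too.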

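The ordering problem described in the message above, as an added userspace model that is not part of the original email or of the kernel source. `STALE`, `model_complete()`, `build_list()`, `drain_before()` and `drain_after()` are hypothetical names, and `struct req` is reduced to the two fields the loop touches.

```c
#include <stdint.h>
#include <stddef.h>

/* Userspace model (assumption): only the fields the drain loop touches. */
struct req { struct req *next; int err; };

/* Constructed marker for whatever ends up in a reused stack slot. */
#define STALE ((struct req *)(uintptr_t)0x6b6b6b6b)

/* Models complete(): the submitter wakes, returns, its frame is reused. */
static void model_complete(struct req *r) { r->next = STALE; }

/* Link n caller-provided slots into a request list. */
struct req *build_list(struct req *slots, int n)
{
    for (int i = 0; i < n; i++) {
        slots[i].next = (i + 1 < n) ? &slots[i + 1] : NULL;
        slots[i].err = -1;
    }
    return n ? &slots[0] : NULL;
}

/* Pre-patch order: handled count, or -1 on reaching a stale pointer. */
int drain_before(struct req *req)
{
    int handled = 0;
    while (req) {
        if (req == STALE) return -1;  /* the kernel would dereference this */
        req->err = 0;                 /* stands in for handle() */
        model_complete(req);
        handled++;
        req = req->next;              /* read after completion: stale */
    }
    return handled;
}

/* Patched order: read next while the worker still owns the request. */
int drain_after(struct req *req)
{
    int handled = 0;
    while (req) {
        struct req *next = req->next;
        req->err = 0;
        model_complete(req);
        handled++;
        req = next;
    }
    return handled;
}
```

In the model the pre-patch loop stops after the first request because the pointer it follows was overwritten at completion time, while the patched loop reaches every queued request.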