From: Lai Jiangshan <laijs@cn.fujitsu.com>
To: Ingo Molnar <mingo@elte.hu>, Andrew Morton <akpm@linux-foundation.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: [PATCH] markers: fix unregister bug and reenter bug
Date: Mon, 29 Sep 2008 16:00:05 +0800 [thread overview]
Message-ID: <48E08B05.7030802@cn.fujitsu.com> (raw)
unregister bug:
codes using makers are typically calling marker_probe_unregister()
and then destroying the data that marker_probe_func needs(or
unloading this module). This is bug when the corresponding
marker_probe_func is still running(on other cpus),
it is using the destroying/ed data.
we should call synchronize_sched() after marker_update_probes().
reenter bug:
marker_probe_register(), marker_probe_unregister() and
marker_probe_unregister_private_data() are not reentrant safe
functions. these 3 functions release markers_mutex and then
require it again and do "entry->oldptr = old; ...", but entry->oldptr
maybe is using now for these 3 functions may reenter when markers_mutex
is released.
we use synchronize_sched() instead of call_rcu_sched() to fix
this bug. actually we can do:
"
if (entry->rcu_pending)
rcu_barrier_sched();
"
after require markers_mutex again. but synchronize_sched()
is better and simpler. For these 3 functions are not critical path.
Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
---
diff --git a/kernel/marker.c b/kernel/marker.c
index 7d1faec..9f76c4a 100644
--- a/kernel/marker.c
+++ b/kernel/marker.c
@@ -60,9 +60,6 @@ struct marker_entry {
struct marker_probe_closure single;
struct marker_probe_closure *multi;
int refcount; /* Number of times armed. 0 if disarmed. */
- struct rcu_head rcu;
- void *oldptr;
- unsigned char rcu_pending:1;
unsigned char ptype:1;
char name[0]; /* Contains name'\0'format'\0' */
};
@@ -199,16 +196,6 @@ void marker_probe_cb_noarg(const struct marker *mdata, void *call_private, ...)
}
EXPORT_SYMBOL_GPL(marker_probe_cb_noarg);
-static void free_old_closure(struct rcu_head *head)
-{
- struct marker_entry *entry = container_of(head,
- struct marker_entry, rcu);
- kfree(entry->oldptr);
- /* Make sure we free the data before setting the pending flag to 0 */
- smp_wmb();
- entry->rcu_pending = 0;
-}
-
static void debug_print_probes(struct marker_entry *entry)
{
int i;
@@ -417,7 +404,6 @@ static struct marker_entry *add_marker(const char *name, const char *format)
e->multi = NULL;
e->ptype = 0;
e->refcount = 0;
- e->rcu_pending = 0;
hlist_add_head(&e->hlist, head);
return e;
}
@@ -447,9 +433,6 @@ static int remove_marker(const char *name)
if (e->single.func != __mark_empty_function)
return -EBUSY;
hlist_del(&e->hlist);
- /* Make sure the call_rcu has been executed */
- if (e->rcu_pending)
- rcu_barrier_sched();
kfree(e);
return 0;
}
@@ -479,12 +462,8 @@ static int marker_set_format(struct marker_entry **entry, const char *format)
e->multi = (*entry)->multi;
e->ptype = (*entry)->ptype;
e->refcount = (*entry)->refcount;
- e->rcu_pending = 0;
hlist_add_before(&e->hlist, &(*entry)->hlist);
hlist_del(&(*entry)->hlist);
- /* Make sure the call_rcu has been executed */
- if ((*entry)->rcu_pending)
- rcu_barrier_sched();
kfree(*entry);
*entry = e;
trace_mark(core_marker_format, "name %s format %s",
@@ -658,12 +637,6 @@ int marker_probe_register(const char *name, const char *format,
goto end;
}
}
- /*
- * If we detect that a call_rcu is pending for this marker,
- * make sure it's executed now.
- */
- if (entry->rcu_pending)
- rcu_barrier_sched();
old = marker_entry_add_probe(entry, probe, probe_private);
if (IS_ERR(old)) {
ret = PTR_ERR(old);
@@ -671,14 +644,11 @@ int marker_probe_register(const char *name, const char *format,
}
mutex_unlock(&markers_mutex);
marker_update_probes(); /* may update entry */
+ synchronize_sched();
+ kfree(old);
mutex_lock(&markers_mutex);
entry = get_marker(name);
WARN_ON(!entry);
- entry->oldptr = old;
- entry->rcu_pending = 1;
- /* write rcu_pending before calling the RCU callback */
- smp_wmb();
- call_rcu_sched(&entry->rcu, free_old_closure);
end:
mutex_unlock(&markers_mutex);
return ret;
@@ -708,20 +678,15 @@ int marker_probe_unregister(const char *name,
entry = get_marker(name);
if (!entry)
goto end;
- if (entry->rcu_pending)
- rcu_barrier_sched();
old = marker_entry_remove_probe(entry, probe, probe_private);
mutex_unlock(&markers_mutex);
marker_update_probes(); /* may update entry */
+ synchronize_sched();
+ kfree(old);
mutex_lock(&markers_mutex);
entry = get_marker(name);
if (!entry)
goto end;
- entry->oldptr = old;
- entry->rcu_pending = 1;
- /* write rcu_pending before calling the RCU callback */
- smp_wmb();
- call_rcu_sched(&entry->rcu, free_old_closure);
remove_marker(name); /* Ignore busy error message */
ret = 0;
end:
@@ -787,19 +752,14 @@ int marker_probe_unregister_private_data(marker_probe_func *probe,
ret = -ENOENT;
goto end;
}
- if (entry->rcu_pending)
- rcu_barrier_sched();
old = marker_entry_remove_probe(entry, NULL, probe_private);
mutex_unlock(&markers_mutex);
marker_update_probes(); /* may update entry */
+ synchronize_sched();
+ kfree(old);
mutex_lock(&markers_mutex);
entry = get_marker_from_private_data(probe, probe_private);
WARN_ON(!entry);
- entry->oldptr = old;
- entry->rcu_pending = 1;
- /* write rcu_pending before calling the RCU callback */
- smp_wmb();
- call_rcu_sched(&entry->rcu, free_old_closure);
remove_marker(entry->name); /* Ignore busy error message */
end:
mutex_unlock(&markers_mutex);
next reply other threads:[~2008-09-29 8:03 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-29 8:00 Lai Jiangshan [this message]
2008-09-29 8:27 ` [PATCH] markers: fix unregister bug and reenter bug Ingo Molnar
2008-09-29 15:03 ` Mathieu Desnoyers
2008-09-29 15:05 ` [PATCH] Markers : marker_synchronize_unregister() Mathieu Desnoyers
2008-09-30 1:47 ` Lai Jiangshan
[not found] ` <20081002235650.43ca075c.akpm@linux-foundation.org>
2008-10-03 15:52 ` [PATCH] Markers synchronize unregister static inline Mathieu Desnoyers
2008-10-03 17:31 ` Ingo Molnar
2008-09-29 15:06 ` [PATCH] RCU read sched Mathieu Desnoyers
2008-09-30 10:08 ` Ingo Molnar
2008-09-30 13:10 ` Paul E. McKenney
2008-09-30 13:10 ` Paul E. McKenney
2008-09-29 15:08 ` [PATCH] Markers use rcu_read_lock_sched() Mathieu Desnoyers
2008-09-30 10:13 ` Ingo Molnar
2008-09-29 15:09 ` [PATCH] Markers : probe example fix teardown Mathieu Desnoyers
2008-09-29 15:10 ` [PATCH] Markers : documentation " Mathieu Desnoyers
2008-09-29 15:11 ` [PATCH] sputrace : use marker_synchronize_unregister() Mathieu Desnoyers
2008-09-29 15:13 ` Christoph Hellwig
2008-09-30 0:28 ` Jeremy Kerr
2008-09-30 9:55 ` Ingo Molnar
2008-09-30 11:22 ` [Cbe-oss-dev] " Jeremy Kerr
2008-09-30 11:30 ` Ingo Molnar
2008-09-30 11:34 ` Jeremy Kerr
2008-09-29 15:03 ` [PATCH] markers: fix unregister bug and reenter bug Mathieu Desnoyers
2008-09-30 1:40 ` Lai Jiangshan
2008-09-30 3:38 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48E08B05.7030802@cn.fujitsu.com \
--to=laijs@cn.fujitsu.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@polymtl.ca \
--cc=mingo@elte.hu \
--cc=paulmck@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox