Re: [PATCH V2] kernel/smp.c: fix a panic as cp->info is used wrongly and a, list corruption

[Pan Xinhui <xinhuix.pan@intel.com>]

hi, Greg

On 2015年05月14日 20:50, Greg KH wrote:
> On Fri, May 15, 2015 at 05:04:03PM +0800, Pan Xinhui wrote:
>> this patch reverts commit 3440a1 which causes the regression and fix a list corruption.
>>
>> base knowledge: kernel call cp->func using cp->info as its argument. like cp->func(cp->info);
>>
>> current code is totally wrong, as 1) &softirq is at stack. 2) cp->info don't point to struct call_single_data.
>> So in remote_softirq_receive,
>> 1) If the caller had left __try_remote_softirq, dereferencing cp->info could not fetch the correct value.
>> 2) And we can't get struct call_single_data *cp anymore.
>>
>> The list corruption is below.
>> __local_trigger will add cp->list into softirq_work_list. But no one will delete cp->list on behalf of us.
>> if we can succeed to raise_softirq_irqoff, we must delete it from softirq_work_list. because we will lost control of pointer cp.
>> cp is passed in and may be freed later in other places.
>>
>> Signed-off-by: Pan Xinhui <xinhuix.pan@intel.com>
>> ---
>> Changes in v2:
>>   no codes changed from v1, just update the comment.
>>   upstream commit fc21c0 fix this issue, as it removes the total feature. :)
>>   the buggy codes exist in v3.10 and v3.12.
>
> Why shouldn't we just include fc21c0 instead?  I don't like patches that
> are not identical to what is in Linus's tree.
>
yes, I hope to keep same patches with Linus's tree, too.
But this feature works well with my patch in :)
As far as I know, commit fc21c0 is bigger than 100 lines.
  18  include/linux/interrupt.h |  22 --------
  19  kernel/softirq.c          | 131 ----------------------------------------------
I am a little afraid that will broke something, and someone else using this feature, like me, will complain.

So I want to fix the panic with little codes changed.

thanks for your reply.

thanks.
xinhui

> thanks,
>
> greg k-h
>