stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Ben Hutchings <ben.hutchings@codethink.co.uk>
Cc: Sasha Levin <Alexander.Levin@microsoft.com>,
	stable <stable@vger.kernel.org>
Subject: Re: [4.9-stable] watchdog: Fix the race between the release of watchdog_core_data and cdev
Date: Thu, 21 May 2020 07:49:23 +0200	[thread overview]
Message-ID: <20200521054923.GC2295294@kroah.com> (raw)
In-Reply-To: <21124d783a72aa3292502100b1558ddf8f873b97.camel@codethink.co.uk>

On Wed, May 20, 2020 at 09:15:57PM +0100, Ben Hutchings wrote:
> On Wed, 2020-05-20 at 21:10 +0100, Ben Hutchings wrote:
> > Please queue up the attached backport of commit 2351c88f8296 "watchdog:
> > Fix the race between the release of watchdog_core_data and cdev" for
> > 4.14.
> 
> And here's the corresponding version for 4.9.
> 
> Ben.
> 
> -- 
> Ben Hutchings, Software Developer                         Codethink Ltd
> https://www.codethink.co.uk/                 Dale House, 35 Dale Street
>                                      Manchester, M1 2HF, United Kingdom

> From 1cf1b24c844a037da38e6096a865bcab75aa05eb Mon Sep 17 00:00:00 2001
> From: Kevin Hao <haokexin@gmail.com>
> Date: Tue, 8 Oct 2019 19:29:34 +0800
> Subject: watchdog: Fix the race between the release of watchdog_core_data and
>  cdev
> 
> commit 72139dfa2464e43957d330266994740bb7be2535 upstream.
> 
> The struct cdev is embedded in the struct watchdog_core_data. In the
> current code, we manage the watchdog_core_data with a kref, but the
> cdev is manged by a kobject. There is no any relationship between
> this kref and kobject. So it is possible that the watchdog_core_data is
> freed before the cdev is entirely released. We can easily get the
> following call trace with CONFIG_DEBUG_KOBJECT_RELEASE and
> CONFIG_DEBUG_OBJECTS_TIMERS enabled.
>   ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x38
>   WARNING: CPU: 23 PID: 1028 at lib/debugobjects.c:481 debug_print_object+0xb0/0xf0
>   Modules linked in: softdog(-) deflate ctr twofish_generic twofish_common camellia_generic serpent_generic blowfish_generic blowfish_common cast5_generic cast_common cmac xcbc af_key sch_fq_codel openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
>   CPU: 23 PID: 1028 Comm: modprobe Not tainted 5.3.0-next-20190924-yoctodev-standard+ #180
>   Hardware name: Marvell OcteonTX CN96XX board (DT)
>   pstate: 00400009 (nzcv daif +PAN -UAO)
>   pc : debug_print_object+0xb0/0xf0
>   lr : debug_print_object+0xb0/0xf0
>   sp : ffff80001cbcfc70
>   x29: ffff80001cbcfc70 x28: ffff800010ea2128
>   x27: ffff800010bad000 x26: 0000000000000000
>   x25: ffff80001103c640 x24: ffff80001107b268
>   x23: ffff800010bad9e8 x22: ffff800010ea2128
>   x21: ffff000bc2c62af8 x20: ffff80001103c600
>   x19: ffff800010e867d8 x18: 0000000000000060
>   x17: 0000000000000000 x16: 0000000000000000
>   x15: ffff000bd7240470 x14: 6e6968207473696c
>   x13: 5f72656d6974203a x12: 6570797420746365
>   x11: 6a626f2029302065 x10: 7461747320657669
>   x9 : 7463612820657669 x8 : 3378302f3078302b
>   x7 : 0000000000001d7a x6 : ffff800010fd5889
>   x5 : 0000000000000000 x4 : 0000000000000000
>   x3 : 0000000000000000 x2 : ffff000bff948548
>   x1 : 276a1c9e1edc2300 x0 : 0000000000000000
>   Call trace:
>    debug_print_object+0xb0/0xf0
>    debug_check_no_obj_freed+0x1e8/0x210
>    kfree+0x1b8/0x368
>    watchdog_cdev_unregister+0x88/0xc8
>    watchdog_dev_unregister+0x38/0x48
>    watchdog_unregister_device+0xa8/0x100
>    softdog_exit+0x18/0xfec4 [softdog]
>    __arm64_sys_delete_module+0x174/0x200
>    el0_svc_handler+0xd0/0x1c8
>    el0_svc+0x8/0xc
> 
> This is a common issue when using cdev embedded in a struct.
> Fortunately, we already have a mechanism to solve this kind of issue.
> Please see commit 233ed09d7fda ("chardev: add helper function to
> register char devs with a struct device") for more detail.

Wait, 233ed09d7fda ("chardev: add helper function to register char devs
with a struct device") only showed up in 4.12, it's not in 4.9, so how
is this needed for 4.9?

thanks,

greg k-h

      parent reply	other threads:[~2020-05-21  5:49 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-20 20:10 [4.14-stable] watchdog: Fix the race between the release of watchdog_core_data and cdev Ben Hutchings
2020-05-20 20:15 ` [4.9-stable] " Ben Hutchings
2020-05-21  5:45   ` Greg Kroah-Hartman
2020-05-21  5:49   ` Greg Kroah-Hartman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200521054923.GC2295294@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=Alexander.Levin@microsoft.com \
    --cc=ben.hutchings@codethink.co.uk \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).