From: "kautuk.c @samsung.com" <consul.kautuk@gmail.com> To: Andrew Morton <akpm@linux-foundation.org> Cc: Jens Axboe <jaxboe@fusionio.com>, Wu Fengguang <fengguang.wu@intel.com>, Jan Kara <jack@suse.cz>, Dave Chinner <dchinner@redhat.com>, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/1] mm/backing-dev.c: Call del_timer_sync instead of del_timer Date: Fri, 2 Sep 2011 10:47:03 +0530 [thread overview] Message-ID: <CAFPAmTQbdhNgFNoP0RyS0E9Gm4djA-W_4JWwpWZ7U=XnTKR+cg@mail.gmail.com> (raw) In-Reply-To: <20110901143333.51baf4ae.akpm@linux-foundation.org> Hi, On Fri, Sep 2, 2011 at 3:03 AM, Andrew Morton <akpm@linux-foundation.org> wrote: > On Thu, 1 Sep 2011 21:27:02 +0530 > Kautuk Consul <consul.kautuk@gmail.com> wrote: > >> This is important for SMP scenario, to check whether the timer >> callback is executing on another CPU when we are deleting the >> timer. >> > > I don't see why? > >> index d6edf8d..754b35a 100644 >> --- a/mm/backing-dev.c >> +++ b/mm/backing-dev.c >> @@ -385,7 +385,7 @@ static int bdi_forker_thread(void *ptr) >> * dirty data on the default backing_dev_info >> */ >> if (wb_has_dirty_io(me) || !list_empty(&me->bdi->work_list)) { >> - del_timer(&me->wakeup_timer); >> + del_timer_sync(&me->wakeup_timer); >> wb_do_writeback(me, 0); >> } > > It isn't a use-after-free fix: bdi_unregister() safely shoots down any > running timer. > In the situation that we do a del_timer at the same time that the wakeup_timer_fn is executing on another CPU, there is one tiny possible problem: 1) The wakeup_timer_fn will call wake_up_process on the bdi-default thread. This will set the bdi-default thread's state to TASK_RUNNING. 2) However, the code in bdi_writeback_thread() sets the state of the bdi-default process to TASK_INTERRUPTIBLE as it intends to sleep later. If 2) happens before 1), then the bdi_forker_thread will not sleep inside schedule as is the intention of the bdi_forker_thread() code. This protection is not achieved even by acquiring spinlocks before setting the task->state as the spinlock used in wakeup_timer_fn is &bdi->wb_lock whereas the code in bdi_forker_thread acquires &bdi_lock which is a different spin_lock. Am I correct in concluding this ? > Please completely explain what you believe the problem is here. >
WARNING: multiple messages have this Message-ID (diff)
From: "kautuk.c @samsung.com" <consul.kautuk@gmail.com> To: Andrew Morton <akpm@linux-foundation.org> Cc: Jens Axboe <jaxboe@fusionio.com>, Wu Fengguang <fengguang.wu@intel.com>, Jan Kara <jack@suse.cz>, Dave Chinner <dchinner@redhat.com>, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/1] mm/backing-dev.c: Call del_timer_sync instead of del_timer Date: Fri, 2 Sep 2011 10:47:03 +0530 [thread overview] Message-ID: <CAFPAmTQbdhNgFNoP0RyS0E9Gm4djA-W_4JWwpWZ7U=XnTKR+cg@mail.gmail.com> (raw) In-Reply-To: <20110901143333.51baf4ae.akpm@linux-foundation.org> Hi, On Fri, Sep 2, 2011 at 3:03 AM, Andrew Morton <akpm@linux-foundation.org> wrote: > On Thu, 1 Sep 2011 21:27:02 +0530 > Kautuk Consul <consul.kautuk@gmail.com> wrote: > >> This is important for SMP scenario, to check whether the timer >> callback is executing on another CPU when we are deleting the >> timer. >> > > I don't see why? > >> index d6edf8d..754b35a 100644 >> --- a/mm/backing-dev.c >> +++ b/mm/backing-dev.c >> @@ -385,7 +385,7 @@ static int bdi_forker_thread(void *ptr) >> * dirty data on the default backing_dev_info >> */ >> if (wb_has_dirty_io(me) || !list_empty(&me->bdi->work_list)) { >> - del_timer(&me->wakeup_timer); >> + del_timer_sync(&me->wakeup_timer); >> wb_do_writeback(me, 0); >> } > > It isn't a use-after-free fix: bdi_unregister() safely shoots down any > running timer. > In the situation that we do a del_timer at the same time that the wakeup_timer_fn is executing on another CPU, there is one tiny possible problem: 1) The wakeup_timer_fn will call wake_up_process on the bdi-default thread. This will set the bdi-default thread's state to TASK_RUNNING. 2) However, the code in bdi_writeback_thread() sets the state of the bdi-default process to TASK_INTERRUPTIBLE as it intends to sleep later. If 2) happens before 1), then the bdi_forker_thread will not sleep inside schedule as is the intention of the bdi_forker_thread() code. This protection is not achieved even by acquiring spinlocks before setting the task->state as the spinlock used in wakeup_timer_fn is &bdi->wb_lock whereas the code in bdi_forker_thread acquires &bdi_lock which is a different spin_lock. Am I correct in concluding this ? > Please completely explain what you believe the problem is here. > -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2011-09-02 5:17 UTC|newest] Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top 2011-09-01 15:57 [PATCH 1/1] mm/backing-dev.c: Call del_timer_sync instead of del_timer Kautuk Consul 2011-09-01 15:57 ` Kautuk Consul 2011-09-01 21:33 ` Andrew Morton 2011-09-01 21:33 ` Andrew Morton 2011-09-02 5:17 ` kautuk.c @samsung.com [this message] 2011-09-02 5:17 ` kautuk.c @samsung.com 2011-09-02 11:21 ` Jan Kara 2011-09-02 11:21 ` Jan Kara 2011-09-02 11:44 ` kautuk.c @samsung.com 2011-09-02 11:44 ` kautuk.c @samsung.com 2011-09-02 12:02 ` kautuk.c @samsung.com 2011-09-02 12:02 ` kautuk.c @samsung.com 2011-09-02 15:14 ` Jan Kara 2011-09-02 15:14 ` Jan Kara 2011-09-05 5:49 ` kautuk.c @samsung.com 2011-09-05 5:49 ` kautuk.c @samsung.com 2011-09-05 10:39 ` Jan Kara 2011-09-05 10:39 ` Jan Kara 2011-09-05 14:36 ` kautuk.c @samsung.com 2011-09-05 14:36 ` kautuk.c @samsung.com 2011-09-05 16:05 ` Jan Kara 2011-09-05 16:05 ` Jan Kara 2011-09-06 4:11 ` kautuk.c @samsung.com 2011-09-06 4:11 ` kautuk.c @samsung.com 2011-09-06 9:14 ` Jan Kara 2011-09-06 9:14 ` Jan Kara
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAFPAmTQbdhNgFNoP0RyS0E9Gm4djA-W_4JWwpWZ7U=XnTKR+cg@mail.gmail.com' \ --to=consul.kautuk@gmail.com \ --cc=akpm@linux-foundation.org \ --cc=dchinner@redhat.com \ --cc=fengguang.wu@intel.com \ --cc=jack@suse.cz \ --cc=jaxboe@fusionio.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.